.RT4BLOCK Files Virus (RotorCrypt Ransomware) — How to Remove It

.RT4BLOCK Files Virus (RotorCrypt Ransomware) — How to Remove It

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

.RT4BLOCK Files Virus virus remove

What is .RT4BLOCK files virus .RT4BLOCK files virus is also known as .RT4BLOCK ransomware and encrypts users’ files while asking for a ransom.

The RT4BLOCK files virus is a new version of the RotorCrypt ransomware which has been spotted in an active campaign. This new release is pushed to targets across the world and by the reports there may be several distribution methods being used at once. In the end the victims will find that their sensitive files have been processed by the engine. They will be locked and made unavailable with an accompanying ransom note blackmailing them into paying a “decryption fee”.

Threat Summary

Name.RT4BLOCK files virus
TypeRansomware, Cryptovirus
Short DescriptionThe ransomware encrypts files on your computer machine and demands a ransom to be paid to allegedly restore them.
SymptomsThe ransomware will blackmail the victims to pay them a decryption fee. Sensitive user data may be encrypted by the ransomware code.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by .RT4BLOCK files virus


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .RT4BLOCK files virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.RT4BLOCK Files Virus – Detailed Description

As the .RT4BLOCK Files Virus is descendant from the RotorCrypt ransomware we expect its samples to be spread using several of the most popular methods at once. One of the main tactics used by hackers is to prepare phishing email messages or construct such phishing sites. They are modeled to appear as legitimate companies or services urging the recipients into interacting with the content — clicking on links or downloading software. Such behavior will trigger the virus delivery.

The virus infections can also be caused by interaction with malicious files. They can take the form of macro-infected documents which can take all popular formats: presentations, text documents, databases and spreadsheets. When they are opened the users will be asked to enable the built-in scripts, if this is done the .RT4BLOCK Files Virus infection will begin. The other alternative is to create malware setup packages of popular software. They are made by taking the legitimate installers from their official sources and modifying them to include the virus code.

These files can also be uploaded to the relevant file-sharing networks such as BitTorrent where both pirate and legitimate data can be acquired.

Following previous versions of the RotorCrypt family we anticipate tha large-scale infections can also be done by the interaction with malicious web browser plugins. The hackers use phishing strategies in order to lure in more visitors into installing them. This is done by posting an elaborate description with fake user reviews and criminal credentials.

Due to the fact that this virus is a variant of the RotorCrypt ransomware we anticipate that the most common malware actions will be run prior to the actual file encryption. A list of the most popular modules is the following:

  • Persistent Installation — The .RT4BLOCK Files Virus can be installed as a persistent threat meaning that the engine will edit the boot options in order to automatically start as soon as the computer is powered on. It can also disable access to the recovery boot options thereby making it very diffcult to follow most manual user removal guides.
  • Security Bypass — The .RT4BLOCK Files Virus can search for any security software that can block the proper delivery of the threat. The list of the target applications includes the following: anti-virus programs, sandbox environments, virtual machine hosts and etc.
  • Information Harvesting — The .RT4BLOCK Files Virus can include a data harvesting module which can hijack user information and machine metrics. This is done by programming the engine to look for specific strings in memory and on the hard disk drive. The collected information can be used for identity theft and financial crimes. The machine information can be used to generate an unique ID for every infected host.
  • Windows Registry Changes — If the .RT4BLOCK Files Virus include this functionality then the engine can edit or create new strings in the Windows Registry. This can lead to data loss, system issues and the inability to access certain functions.

When everything has completed running the encryption phase will run. As a RotorCrypt variant it will follow a built-in list of target file type extensions: archives, multimedia files, documents, backups, databases and etc. When the processing has completed the victim files will be renamed with the .RT4BLOCK extension, the associated ransomware note will be crafted in a file called NEWS_INGiBiToR.txt.

.RT4BLOCK Files Virus – What Does It Do?

The .RT4BLOCK Files Virus is a crypto virus programmed to encrypt user data. As soon as all modules have finished running in their prescribed order the lockscreen will launch an application frame which will prevent the users from interacting with their computers. It will display the ransomware note to the victims.

You should NOT under any circumstances pay any ransom sum. Your files may not get recovered, and nobody could give you a guarantee for that.

The .RT4BLOCK Files Virus cryptovirus could be set to erase all the Shadow Volume Copies from the Windows operating system with the help of the following command:

→vssadmin.exe delete shadows /all /Quiet

If your computer device was infected with this ransomware and your files are locked, read on through to find out how you could potentially restore your files back to normal.

Remove .RT4BLOCK Files Virus

If your computer system got infected with the .RT4BLOCK Files ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts - Website

Follow Me:
TwitterGoogle Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share