Security researchers from Sensor Tech have found a new ransomware variant that damages Windows installations on purpose in such a way that the OS will no longer start. The ransomware is called BadBlock and not only encrypts all kinds of video, image and document files, but also important Windows system files.
Once the ransomware has done its job, the computer will no longer boot into Windows, because essential system files are encrypted. Instead of booting, Windows will show an error message stating, “Windows can’t start because the following file is missing or corrupt: <Windows root\system32\ntoskrnl.exe. Please re-install a copy of the above file.”
Interesting is that Badblock warns its victims that it is doing its nasty job. This is different from most other ransomware, it’s common for them to show a message once all files are encrypted. Badblock starts to show a message as soon as it becomes active which allows users to stop the process using task manager.
The cybercriminals behind Badblock demand a ransom of 2 Bitcoin ($1144) but victims can decrypt their files for free, thanks to Emisoft’s security researcher Fabian Wosar. He has made a free tool that is able to decrypt files encrypted by Badblock.