Having a file-locker on your computer is guaranteed to cause potentially irreversible damage to the majority of your files. Although there are some low-quality file-lockers that are decryptable via free tools easily, this might not be the case with the RT4BLOCK Ransomware. This file-encryption Trojan is a slightly modified version of the RotorCrypt Ransomware that might be compatible with the free Rakhni Decryptor under certain circumstances. However, the RT4BLOCK Ransomware was first seen just days ago so that there is not enough data to determine whether the free decryption utility will be compatible with this version as well.

A New Variant of RotorCrypt may be after Your Files

When the RT4BLOCK Ransomware infiltrates a computer, it will begin to work in the background and scan the compromised computer’s hard drive. To be as efficient as possible, the RT4BLOCK Ransomware will only encrypt particular file formats that are most likely to contain valuable data – documents, spreadsheets, databases, archives, images, etc. Overall, the goal of the attackers is to capture the victim’s most valuable files, therefore increasing the chance that they will agree to purchase a decryption tool.

’===================================================================================================
We want to give you important information.
Your files are fine, but they are in a locked state.
Attention!!!
time is limited, long waiting is fraught with data loss, we recommend contacting by email immediately
attached to the file name and in this text document.

Please note!!!!!!!!!!!!!
In case of attempts to restore files by third-party programs, your files will be damaged forever!
Your computer has a unique code, if this code is damaged, you will also lose all your files!
We have the right to detect attempts to restore files manually, destroy code and files irrevocably,
as well as analytical data of your company will be transferred to experts for further action!

In case of cooperation with us, we will return all your files to their original state, as well as get information on
your server protection and analytical data will be removed from our database.

Primary mail for communication: [email protected]

______________________15 days to reply, after a while the data will be erased_______________________’

The RT4BLOCK Ransomware marks locked files with the custom extension ‘!-information-…[email protected]___….RT4BLOCK.’ Just like other file-encryption Trojans, this one also provides all victims with a ransom note that contains contact details and decryption instructions – the full text is found in ‘NEWS_INGiBiToR.txt.’

The Perpetrators Offer a Decryptor in Exchange for Bitcoin

The file reveals that the attackers can be reached by sending a message to [email protected]. They do not mention the price of the decryptor they offer, but they do state that Bitcoin is the only payment method they work with. Unfortunately, there is no proof that they own a working decryptor so that there is a fair chance that the whole thing might be a hoax aimed to cause damage to your files, and then trick you into giving the attackers your money willingly. It is not a good idea to contact the RT4BLOCK Ransomware’s authors – if you send them the Bitcoin, you will never be able to get it back.

The correct thing to do in a situation like this is to take care of the RT4BLOCK Ransomware’s removal by using a trustworthy anti-malware tool. After you do this, you can try popular data recovery options and programs.
[template:aliases][template:removal][template:technical_title][template:files][template:registry][template:additional]