Badblock ransomware damages Windows so it won’t boot anymore

vbimport

#1

We’ve just posted the following news: Badblock ransomware damages Windows so it won’t boot anymore

Security researchers from Sensor Tech have found a new ransomware variant that damages Windows installations on purpose in such a way that the OS will no longer start.

Read the full article here: [http://www.myce.com/news/badblock-ransomware-damages-windows-wont-boot-anymore-79598/](http://www.myce.com/news/badblock-ransomware-damages-windows-wont-boot-anymore-79598/)

Please note that the reactions from the complete site will be synched below.

#2

News not also told…

thanks to Emsisoft’s security researcher Fabian Wosar. He has made a free tool that is able to decrypt files encrypted by Badblock.


#3

As for that encrypted ntoskrnl.exe file, if you know a person who has the *exact* same version of Windows as you (preferably with the same updates as you), you can simply copy the file from said person onto a flash drive. You should then be able to use a bootable disc (there are plenty of them: Ubuntu, Hiren’s BootCD, your own Windows (re)installation media… take your pick), and replace the encrypted file with an unencrypted file.

You might also want to run a malware scan before booting. Did I mention there are plenty of anti-malware rescue discs just waiting to be downloaded? In my experience, that’s the best way to clean up those nasty rootkits.
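
A pre-copy check for the ntoskrnl.exe replacement described in #3, runnable from a Linux boot disc. This is an added example, not code from the thread or from any tool mentioned in it; it assumes an encrypted file no longer begins with a valid MZ/PE header (the thread does not describe the encryption format), and the function names and verdict strings are made up for illustration.

```python
import hashlib
import struct
import sys

def pe_machine(data: bytes):
    """Return the COFF machine field if data begins with a well-formed
    MZ/PE header, else None (assumed here to be how an encrypted file looks)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return struct.unpack_from("<H", data, e_lfanew + 4)[0]

def check_replacement(on_disk: bytes, donor: bytes) -> str:
    """Decide whether the donor copy should overwrite the on-disk file."""
    disk_m, donor_m = pe_machine(on_disk), pe_machine(donor)
    if donor_m is None:
        return "donor-invalid"      # never copy a file that is not a PE image
    if disk_m is None:
        return "replace"            # on-disk file is unreadable as PE
    if hashlib.sha256(on_disk).digest() == hashlib.sha256(donor).digest():
        return "identical"          # nothing to do
    if disk_m != donor_m:
        return "arch-mismatch"      # e.g. x86 donor for an x64 install
    return "differs"                # both valid but not the same build: stop

def fake_pe(machine: int, tail: bytes = b"") -> bytes:
    """Constructed sample: the smallest header pe_machine() accepts."""
    hdr = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x80)
    return hdr + bytes(0x80 - len(hdr)) + b"PE\0\0" + struct.pack("<H", machine) + tail

if __name__ == "__main__":
    # usage: python3 check_kernel.py <on-disk ntoskrnl.exe> <donor ntoskrnl.exe>
    with open(sys.argv[1], "rb") as a, open(sys.argv[2], "rb") as b:
        print(check_replacement(a.read(), b.read()))
```

A "differs" or "arch-mismatch" verdict means the donor is not from the exact same Windows build, which is the condition #3 puts on the copy.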