What is Bloccato
Bloccato is dangerous virus, that belongs to the family of ransomware crypto-viruses. It uses AES-256 asymmetric encryption algorithm to encrypt users personal files on infected computer. Virus adds .bloccato extension to all encrypted files and creates LEGGI QUESTO FILE.txt text file that contains instructions to pay the ransom and obtain private decryption key. Ransom is 5 BitCoins or $2200+. One of the peculiar properties of Bloccato ransomware is that if ransom is not paid within 72 hours the payment will double to 10 BTC. If the ransom is not paid within next 72 hours virus will delete private key permanently which will result in loosing your files, unless you have a backup. There are some methods that can help you to remove Bloccato virus and decrypt .bloccato files that we will explain in this article.
How Bloccato infected your PC
Bloccato attack computers running Windows 10, Windows 8 or Windows 7 operating systems. Our research shows that Bloccato ransomware is usually distributed via fake software updates, torrent networks, malicious email attachments (for example, fake invoices), and/or trojans and backdoors. After infection virus copies main file to %AppData% folder and starts encryption process. These are the file types affected by Bloccato:
.avi, .csv, .dbf, .dif, .doc, .docx, .dwg, .dxf, .eps, .fm3, .html, .jpeg, .jpg, .mdb, .mov, .odt, .pdf, .png, .pps, .ppt, .pptx, .psd, .rar .rtf, .sql, .txt, .wks, .xls, .xlsx, .xml, .zip
Download Bloccato Removal Tool
To remove Bloccato completely we recommend you to use SpyHunter 5 from EnigmaSoft Limited. It detects and removes all files, folders and registry keys of Bloccato.
As a good free alternative to remove Bloccato use Malwarebytes Anti-Malware. It will detect core files and processes of Bloccato ransomware and eliminate them to allow you start decryption of your files.
How to remove Bloccato manually
It is not recommended to remove Bloccato manually, for safer solution use Removal Tools instead.
LEGGI QUESTO FILE.txt
Bloccato registry keys:
How to decrypt and restore .bloccato files
Use automated decryptors
Ransomware decryptor from Kaspersky may be useful in this case. It is free and easy to use. Download Kaspersky Ransomware Decryptor here:
There is no purpose to pay the ransom, because there is no guarantee you will receive the key, but you will put your bank credentials at risk.
If you are infected with Bloccato ransomware and removed it from your computer you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to decrypt them manually you can do the following:
Using Windows Previous Versions option:
- Right-click on infected file and choose Properties.
- Select Previous Versions tab.
- Choose particular version of the file and click Copy.
- To restore the selected file and replace the existing one, click on the Restore button.
- In case there is no items in the list choose alternative method.
Using Shadow Explorer:
- Download Shadow Explorer program.
- Run it and you will see screen listing of all the drives and the dates that shadow copy was created.
- Select the drive and date that you want to restore from.
- Right-click on a folder name and select Export.
- In case there are no other dates in the list, choose alternative method.
If you are using Dropbox:
- Login to the DropBox website and go to the folder that contains encrypted files.
- Right-click on the encrypted file and select Previous Versions.
- Select the version of the file you wish to restore and click on the Restore button.
How to protect computer from viruses like Bloccato in future
Use Malwarebytes Anti-Ransomware Beta
Famous anti-malware vendor Malwarebytes along with EasySync Solutions created tool that will help you with active anti-ransomware protection as additional shield to your current protection.
Use HitmanPro.Alert with CryptoGuard
Dutch vendor of legendary cloud-based scanner HitmanPro – Surfright released active antivirus solution HitmanPro.Alert with CryptoGuard feature that effectively protects from latest versions of cryptoviruses.