TBlocker Ransomware is a file-encryptor that can silently corrupt your photos, documents, videos, and other personal files stored on the infected operating system. In most cases, when a file-encryptor corrupts files, there is no turning back, and recovery of the lost data is impossible. According to our research team, this is not the case with this particular infection. It was found that “Password” works as a decryption key, and so your files should be freed as soon as you enter it. That is an unusual situation because, in most cases, obtaining decryption keys is impossible. Needless to say, if the special key works, there is no reason for you to pay attention to the ransom demands that the creator of the ransomware presents via a full-screen window that is launched as soon as the encryption is complete. We would not recommend paying the ransom even if the decryption key were not publicly available. Overall, whether or not you recover your files, you must delete TBlocker Ransomware, and this is what we discuss in this report.
Were you introduced to the ransom message by TBlocker Ransomware? If you were, you might believe that your computer was locked. In fact, the infection simply disables Explorer (explorer.exe), and it was found that this can be fixed by entering the code “580933.” If you cannot regain access to the system, we suggest rebooting into Safe Mode or Safe Mode with Networking. Unfortunately, some victims of the malicious TBlocker Ransomware could be scared into paying the ransom. This ransom is 250 USD, and victims are meant to pay it in Bitcoin to a Bitcoin wallet that belongs to cyber criminals. This is not an incredibly huge ransom, and so it is possible that victims would pay it. The ransom note includes this warning: “At the expiration of time all your files will be made public on the internet and the PC will be permanently locked.” Could cyber criminals steal your personal files and make them public online? Even if they could do it, it is unlikely that they would. As for the permanent lockdown of the computer, you should not pay much attention to this threat either. Of course, you do not want to wait and see what happens. Instead, you want to take matters into your own hands, and that includes removing TBlocker Ransomware.
When you unlock the screen and decrypt files (which, hopefully, you can do using the “580933” and “Password” codes), you need to restore the Task Manager. The malicious TBlocker Ransomware disables it using a registry value named “DisableTaskMgr.” You can lift this restriction via the Registry Editor by moving to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System and deleting the unwanted value. Note that the removal instructions below include this step, and so you can follow them if you need step-by-step guidance. Once you do that, you are free to remove the TBlocker Ransomware launcher. If you are blocked from doing it, you might have to launch Task Manager and kill the malicious process representing the .exe file first. According to our research, the .exe file is most likely to be placed in a folder named “temp” in the %TEMP% directory, but, of course, we cannot guarantee this.
TBlocker Ransomware encrypts files using the DES algorithm, and when it does that, it appends “_” to their original names (e.g., “example.doc” after encryption is changed to “example.doc_”). As we discussed already, you should be able to decrypt all files using the “Password” key. Unfortunately, if your operating system was attacked by any other file-encryptor, it is unlikely that you would be able to resolve the situation just as easily. Once you remove TBlocker Ransomware, you need to think about two things: virtual protection and file backups. Clearly, you need a trustworthy security system, and we suggest installing anti-malware software because it will also automatically erase the ransomware. When it comes to personal files, we suggest setting up external or cloud storage to ensure that you can recover files even if your operating system is compromised or your computer suffers physical damage. If you want to discuss this further, use the comments section below to start a conversation.
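The cleanup checks described above (the “DisableTaskMgr” policy value, the “temp” folder under %TEMP%, and files renamed with a trailing “_”) can be scripted in PowerShell. This is an added example, not part of the original report or its removal instructions; the function names are hypothetical, and the script only reports unless `-Apply` is given.

```powershell
# Added example: report-first helper for the indicators named in this report.
# Function names are illustrative; paths and the value name come from the text.
$PolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName = 'DisableTaskMgr'

function Restore-TaskManager {
    param([switch]$Apply)   # without -Apply nothing is changed
    if (-not (Test-Path -Path $PolicyKey)) { return 'policy key absent' }
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'DisableTaskMgr not set' }
    if ($Apply) {
        Remove-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction Stop
        return 'DisableTaskMgr removed'
    }
    return "DisableTaskMgr present (data: $($item.$ValueName)); rerun with -Apply"
}

function Get-TempExecutable {
    # The report places the launcher in a folder named "temp" inside %TEMP%
    # (most likely, not guaranteed), so this only lists candidates with hashes.
    $dir = Join-Path -Path $env:TEMP -ChildPath 'temp'
    if (-not (Test-Path -Path $dir)) { return }
    Get-ChildItem -Path $dir -Filter '*.exe' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Path          = $_.FullName
                LastWriteTime = $_.LastWriteTime
                SHA256        = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
}

function Get-RenamedFile {
    param([string]$Root = $env:USERPROFILE)
    # Encrypted files keep their name plus "_" (example.doc -> example.doc_).
    Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '\.[^.]+_$' } |
        Select-Object FullName, Length, LastWriteTime
}

Restore-TaskManager          # report only; add -Apply to delete the value
Get-TempExecutable | Format-List
Get-RenamedFile | Export-Csv -Path "$env:USERPROFILE\renamed-files.csv" -NoTypeInformation
```

The CSV inventory gives you a list to check against after decryption, so you can confirm that every renamed file was restored.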