Cockblocker Ransomware

What is Cockblocker Ransomware?

Cockblocker Ransomware is one of the newest ransomware infections detected recently by experts working in the field of cyber security. It might not do anything bad to your files, or it might encrypt them all like other ransomware infections do. It depends on the version you encounter. According to specialists, one version of Cockblocker Ransomware does not encrypt files at all, whereas the other one locks them using the RSA encryption algorithm. Unfortunately, if the latter version encrypting users’ files ever sneaks onto your computer, it, most probably, means that you have lost your personal files forever. It is because it is impossible to contact cyber criminals and there is no information regarding the decryption of files left on the ransom note opened. Since this ransomware infection does not ask users to pay money and does not always encrypt the personal data, specialists believe that it might still be in development. If it is true, the final version of this malicious application might be released soon and act slightly differently than the one described in this article. No matter which version of Cockblocker Ransomware sneaks onto your computer, it has to be deleted from the system as soon as possible.testtest

What does Cockblocker Ransomware do?

The working version of Cockblocker Ransomware encrypts files the moment the malicious file is opened by a user. Users can see the encryption process happening in the CMD (Command Prompt) window opened. It is not the only one visible on the screen. A small pop-up window with one word OK is shown to users as well. Clicking the OK button results in the appearance of a new window called RansomwareDisplay. It should probably work as a ransom note, but at this early stage of development, it only contains a text full of errors saying that files have been encrypted and a Bitcoin has to be sent to the developer to get those files back. Since there is not much information about the decryption of files and cyber criminals have not left their email address, it is impossible to transfer money to get the files decrypted. As you have probably already noticed, almost all documents, pictures, and other valuable files have a new filename extension .hannah, which means that all of them are encrypted. Even though it is impossible to get the key for unlocking files, you should still try to crack it using third-party software. Alternatively, you can recover files from a backup you have created before the entrance of this file-encrypting threat. Keep in mind that there is a version that does not encrypt files. You will not need to go to unlock your personal data in this case, but you will still need to erase the ransomware infection fully from your system.

The version encrypting files not only encrypts users’ personal data. It has been found that it communicates with its C&C server ( every day too, which means that it uses the Internet connection without permission. In this sense, it is very similar to other recently released ransomware infections, e.g. Dharma Ransomware and CryptoWire Ransomware. Even though it shares similarities with other existing ransomware infections, it slightly differs from them too. For example, it does not lock the screen, does not make modifications in the system registry, does not place its files in different directories, does not create a point of execution, and does not block the Task Manager and Registry Editor (system tools) like some other threats that are known to be ransomware infections do. This means that it should be easier to delete it from the computer too.

Where does Cockblocker Ransomware come from?

Even though Cockblocker Ransomware is not a prevalent threat yet, researchers working at have already managed to find out how this computer infection is spread. It is, probably, not the only way how ransomware infections are distributed but, as research has shown, they are mainly disseminated through spam emails. To be more specific, the malicious file comes as an email attachment. It might even look like a simple document to deceive users into opening it. Have you recently opened an attachment from a spam email too? If so, it is not at all surprising that you have this threat installed on the computer. After you delete it, stay away from the spam email folder in order not to allow similar threats to enter the system. In addition, you should install a security application in order to protect your PC from harm.

How to delete Cockblocker Ransomware

Personal data encrypted by Cockblocker Ransomware will not be automatically unlocked after the removal of the ransomware infection; however, you should still get rid of all the components of this threat. Actually, you will not need to remove many files because Cockblocker Ransomware does not create them. The only file that needs to be deleted is the malicious file opened by a user. Follow the step-by-step instructions you can find below or use an automatic malware remover, e.g. SpyHunter to clean your computer.

Cockblocker Ransomware removal guide

  1. Open the Windows Explorer.
  2. Check Desktop, %TEMP%, and %USERPROFILE%\Downloads to locate the malicious file.
  3. Delete it.
  4. Clear the Recycle bin.
100% FREE spyware scan and
tested removal of Cockblocker Ransomware*

Leave a Comment

Enter the numbers in the box to the right *