BadBlock targets Windows OS and is distributed via websites containing malicious Javascript or exploit kits delivering fake Adobe Flash Player updates, as well as through malicious email attachments. Researchers note that this variant is so poorly coded that it not only encrypts data files, but it also encrypts Windows system files and executables, rendering the system completely unusable if it is rebooted after infection. BadBlock also displays a ransom note during encryption, allowing the victim to terminate the process badransom.exe in Task Manager and prevent further file encryption. It demands a ransom payment of 2 Bitcoin.

  • Bleeping Computer provides more information about BadBlock here.
  • Emsisoft offers a free decryption tool for BadBlock, available here.