RackCrypt Ransomware
Posted: January 25, 2016
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 21 |
| First Seen: | January 25, 2016 |
| Last Seen: | July 10, 2022 |
| OS(es) Affected: | Windows |
The RackCrypt Ransomware is a Trojan that encrypts your files and then asks for money in return for restoring them. Since paying the RackCrypt Ransomware's ransom can't guarantee the provision of a real decryption service, malware experts always encourage keeping secure backups that can avoid the payloads of threats like the RackCrypt Ransomware. Most PC users should remove the RackCrypt Ransomware with anti-malware products able to detect its frequently mislabeled components, which may disguise themselves as being other applications.
The Program Putting Your Finances on the Rack
The RackCrypt Ransomware is a Windows-based Trojan that gains access to your PC by misrepresenting itself as being another program and scans all hard drives for specific files. Some formats included in the RackCrypt Ransomware attacks include PowerPoint data, various text documents, ZIP archives, audio libraries, and even some movie files. The dozens of file types affected by the RackCrypt Ransomware undergo an encryption process with the intent of making the files unopenable.
The files also are renamed with an additional '.rack' extension. Note that, as usual, this extension is a cosmetic change for user identification purposes. Renaming the files and removing the new extension does not reverse the encryption process.
Once the RackCrypt Ransomware finishes its primary payload, it loads a custom ransom message in the format of a Windows alert, including a built-in file viewer and additional messages related to the transaction process for 'buying' a file decryptor. Like other file encryptors encountered by malware analysts, the RackCrypt Ransomware prefers payments in the form of Bitcoin and warns the victim of a time limit. Current ransoms from the RackCrypt Ransomware price themselves at an equivalent of 300 USD, with no certainty of getting anything in return.
Rescuing Your Files from Torture by a Threat
Whereas most file encryptors content themselves with simple text messages or JPG-based ransoms, the RackCrypt Ransomware includes a well thought-out pop-up that tries to make paying its ransom as 'user-friendly' as possible. Despite that ease of use, paying the RackCrypt Ransomware's authors for your files holds the same unreliability as all other cash transactions with con artists. Malware analysts recommend keeping preventative backups, such as cloud storage, whenever possible, for protecting valuable data from the RackCrypt Ransomware and any other file encryptors. In some cases, PC security companies also may provide free decryption tools, particularly for widely-distributed Trojans of this category.
The RackCrypt Ransomware does include some defensive measures against being uninstalled, and often uses intentionally-misnamed files, such as 'Firefox.exe' or 'smss.exe' (a native Windows file). When removing the RackCrypt Ransomware, you should take any other steps needed to disable it and other threats, such as restarting Windows into Safe Mode, or booting the machine from a separate USB drive. Allow your anti-malware tools to scan your entire PC and remove the RackCrypt Ransomware in full, including all Registry entries related to giving it admin access.
However, anti-malware programs and decryptors are separate utilities, and deleting the RackCrypt Ransomware can't automatically restore files that have been impacted by its encryption payload. Preemptive prevention and good backups still are critical to defeating the RackCrypt Ransomware and many Trojans like it.
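The two indicators described above, the appended '.rack' extension and executables borrowing the names 'Firefox.exe' or 'smss.exe', can be checked against a file inventory during triage. The following is an added example, not code from the original page; the expected install directories are assumptions based on a default Windows setup, and the sample inventory is constructed.

```python
from pathlib import PureWindowsPath

# Default locations on a stock Windows install (assumption of this example;
# extend the sets if software is installed to custom paths).
EXPECTED_DIRS = {
    "smss.exe": {r"c:\windows\system32"},
    "firefox.exe": {r"c:\program files\mozilla firefox",
                    r"c:\program files (x86)\mozilla firefox"},
}

def triage(paths):
    """Split a file inventory into encrypted files and misplaced binaries."""
    encrypted, masquerading = [], []
    for raw in paths:
        p = PureWindowsPath(raw)
        name = p.name.lower()
        if p.suffix.lower() == ".rack":
            encrypted.append(raw)
        elif name in EXPECTED_DIRS:
            # A trusted name in an unexpected directory deserves a closer look.
            if str(p.parent).lower() not in EXPECTED_DIRS[name]:
                masquerading.append(raw)
    return encrypted, masquerading

def original_name(path):
    """File name before '.rack' was appended, for matching against backups.
    Stripping the extension does not decrypt anything."""
    p = PureWindowsPath(path)
    return p.name[:-len(".rack")] if p.suffix.lower() == ".rack" else p.name

# Constructed sample inventory (for instance, a recursive directory listing).
SAMPLE = [
    r"C:\Windows\System32\smss.exe",
    r"C:\Users\alice\AppData\Roaming\smss.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
    r"C:\Users\alice\Downloads\Firefox.exe",
    r"C:\Users\alice\Documents\budget.pptx.rack",
    r"C:\Users\alice\Music\track01.mp3.RACK",
    r"C:\Users\alice\Documents\notes.txt",
]

if __name__ == "__main__":
    enc, sus = triage(SAMPLE)
    for f in enc:
        print("restore from backup:", original_name(f))
    for f in sus:
        print("inspect binary:", f)
```

A flagged binary is only a lead for the anti-malware scan; the list of '.rack' files gives the set of original names to restore from backup.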