RackCrypt Ransomware

Posted: January 25, 2016
Threat Metric
Threat Level: 8/10
Infected PCs: 5

RackCrypt Ransomware Description

The RackCrypt Ransomware is a Trojan that encrypts your files and then asks for money in return for restoring them. Since paying the RackCrypt Ransomware's ransom can't guarantee the provision of a real decryption service, malware experts always encourage keeping secure backups that can avoid the payloads of threats like the RackCrypt Ransomware. Most PC users should remove the RackCrypt Ransomware with anti-malware products able to detect its frequently mislabeled components, which may disguise themselves as being other applications.

The Program Putting Your Finances on the Rack

The RackCrypt Ransomware is a Windows-based Trojan that gains access to your PC by misrepresenting itself as being another program and scans all hard drives for specific files. Some formats included in the RackCrypt Ransomware attacks include PowerPoint data, various text documents, ZIP archives, audio libraries, and even some movie files. The dozens of file types affected by the RackCrypt Ransomware undergo an encryption process with the intent of making the files unopenable.

The files also are renamed with an additional '.rack' extension. Note that, as usual, this extension is a cosmetic change for user identification purposes. Renaming the files and removing the new extension does not reverse the encryption process.
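For triage, the renamed files can be inventoried and their leading bytes compared with the signature their original extension implies. The following Python sketch is an added example, not part of the original article; the signature table is a small assumed subset of the file types named above, and the sample files are constructed. A matching header does not prove a file is undamaged, but a mismatch confirms that dropping the '.rack' suffix will not make it usable.

```python
import os
import tempfile

# Leading bytes expected for some file types the article names (assumed subset).
# Plain-text formats have no signature, so they are reported as "unknown".
MAGIC = {
    ".zip": b"PK\x03\x04",
    ".pptx": b"PK\x03\x04",
    ".ppt": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    ".pdf": b"%PDF",
    ".avi": b"RIFF",
}

def triage_rack_files(root):
    """Return (path, original_name, status) for every *.rack file under root."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(".rack"):
                continue
            original = name[:-len(".rack")]          # name before the appended suffix
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(8)
            sig = MAGIC.get(os.path.splitext(original)[1].lower())
            if sig is None:
                status = "unknown"            # no signature to compare against
            elif head.startswith(sig):
                status = "header-intact"      # renamed, header still as expected
            else:
                status = "header-mismatch"    # content altered; restore from backup
            results.append((path, original, status))
    return results

def build_sample(root):
    """Constructed sample data: an altered ZIP, a merely renamed PDF, a text file."""
    samples = {
        "slides.zip.rack": b"\x8f\x12\xa9\x77\x03\xee\x41\x5c",  # random-looking bytes
        "manual.pdf.rack": b"%PDF-1.4\n",
        "notes.txt.rack": b"\x10\x99\xab\x01",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*triage_rack_files(tmp), sep="\n")
```

The "header-mismatch" rows form the list of files to look up in backups.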

Once the RackCrypt Ransomware finishes its primary payload, it loads a custom ransom message in the format of a Windows alert, including a built-in file viewer and additional messages related to the transaction process for 'buying' a file decryptor. Like other file encryptors encountered by malware analysts, the RackCrypt Ransomware prefers payments in the form of Bitcoin and warns the victim of a time limit. Current ransoms from the RackCrypt Ransomware price themselves at an equivalent of 300 USD, with no certainty of getting anything in return.

Rescuing Your Files from Torture by a Threat

Whereas most file encryptors content themselves with simple text messages or JPG-based ransoms, the RackCrypt Ransomware includes a well thought-out pop-up that tries to make paying its ransom as 'user-friendly' as possible. Despite that ease of use, paying the RackCrypt Ransomware's authors for your files holds the same unreliability as all other cash transactions with con artists. Malware analysts recommend keeping preventative backups, such as cloud storage, whenever possible, for protecting valuable data from the RackCrypt Ransomware and any other file encryptors. In some cases, PC security companies also may provide free decryption tools, particularly for widely-distributed Trojans of this category.

The RackCrypt Ransomware does include some defensive measures against being uninstalled, and often uses intentionally-misnamed files, such as 'Firefox.exe' or 'smss.exe' (a native Windows file). Whenever removing the RackCrypt Ransomware, you should take any other steps needed to disable it and other threats, such as restarting Windows into Safe Mode, or booting the machine from a separate USB drive. Allow your anti-malware tools to scan your entire PC and remove the RackCrypt Ransomware in full, including all Registry entries related to giving it admin access.
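A misnamed executable can be spotted by checking where a familiar image name is running from. The Python sketch below is an added example, not part of the original article: it flags processes named 'smss.exe' or 'Firefox.exe' whose directory is not an expected one. The expected Firefox directories are the default install locations (an assumption, since custom installs differ), and the process listing is constructed sample data.

```python
import ntpath  # Windows path rules, usable on any analysis host

# Expected directories (lower-case). smss.exe is a native Windows file in
# System32; the Firefox paths are default install locations (assumption).
EXPECTED_DIRS = {
    "smss.exe": {r"c:\windows\system32"},
    "firefox.exe": {r"c:\program files\mozilla firefox",
                    r"c:\program files (x86)\mozilla firefox"},
}

def find_masquerading(processes):
    """Return records whose image name is on the watch list but whose
    directory is not one of the expected locations."""
    flagged = []
    for proc in processes:
        # Normalise case and separators so 'Firefox.exe' matches 'firefox.exe'.
        image = ntpath.normcase(ntpath.normpath(proc["path"]))
        directory, name = ntpath.split(image)
        expected = EXPECTED_DIRS.get(name)
        if expected is not None and directory not in expected:
            flagged.append(proc)
    return flagged

# Constructed process listing, e.g. as exported from a triage tool.
SAMPLE = [
    {"pid": 312,  "path": r"C:\Windows\System32\smss.exe"},
    {"pid": 1200, "path": r"C:\Windows\System32\svchost.exe"},
    {"pid": 2044, "path": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"pid": 3180, "path": r"C:\Users\alice\AppData\Roaming\smss.exe"},
    {"pid": 3992, "path": r"C:\Users\alice\AppData\Local\Temp\Firefox.exe"},
]

if __name__ == "__main__":
    for proc in find_masquerading(SAMPLE):
        print("suspicious image location:", proc["pid"], proc["path"])
```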

However, anti-malware programs and decryptors are separate utilities, and deleting the RackCrypt Ransomware can't automatically restore files that have been impacted by its encryption payload. Preemptive prevention and good backups still are critical to defeating the RackCrypt Ransomware and many Trojans like it.


