Razy Ransomware
Posted: August 1, 2016
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 51 |
| First Seen: | August 1, 2016 |
| OS(es) Affected: | Windows |
The Razy Ransomware is a Trojan that encrypts your content and may display ransom messages selling its victims a decryption service. Contrary to the implications of its ransom notes, the Razy Ransomware uses an encryption method that does not preserve the critical data required for restoring the affected files, so malware experts particularly recommend against paying its fee. You should delete the Razy Ransomware through the usual anti-malware procedures and restore your content from any available backups.
When Your Files Start Razzing You
Most online threats and hoaxes struggle to balance authenticity against illicit profit, and nowhere is that tension more observable than with Trojans dedicated to ransoming data. Malware researchers have seen different threat authors responding to this tension in diverse ways, such as faking encryption attacks, claiming that their encryption algorithms are stronger than they are, and even misrepresenting deleted files as encrypted ones. The new Razy Ransomware shows another way Trojan developers can manipulate their victims to make money.
A German developer originally created the Razy Ransomware for supposedly educational purposes, with links to early builds provided in his original posts. Although the developer claims not to be using the Trojan for attack campaigns, remote attackers have begun distributing the Razy Ransomware through unknown methods, infecting PC users seemingly arbitrarily.
The Razy Ransomware uses some features that it 'borrows' from the Cerber Ransomware, but malware experts determined that it's notably different from that Trojan regarding how it encrypts data. Instead of targeting files by their formats, the Razy Ransomware targets all content inside the following Windows directories:
- Desktop
- Documents
- Music
- Pictures
- Videos
The Razy Ransomware sends files in these folders through an AES encryption routine but discards the key needed for decrypting the content and restoring it. Despite that unusual step (either an oversight or an intentional, malicious act), the Razy Ransomware still displays ransom messages that offer to sell its victims a decryption service. Unlike the Cerber Ransomware, the Razy Ransomware doesn't use a live countdown to determine further actions, such as increases in ransoms or launching new attacks.
Taking the Sting out of Being Razzed by Trojans
The Razy Ransomware infections are identifiable by their Cerber Ransomware-inspired ransom messages, their additional text-to-speech functions, and their appending of '.the Razy' extensions to encrypted content in the locations mentioned above. With its original developer disclaiming any knowledge of this threat's still-unidentified distribution model, the PC security sector will need time to determine whether the Razy Ransomware is installing itself by e-mail attachments, spam links, drive-by-downloads or other methods.
Since there is no gain from paying the Razy Ransomware's ransom, malware experts suggest regarding all encrypted files as being de facto deleted. The irreversible nature of the Razy Ransomware's attack, while rare, is not unheard of among other Trojans of the same category, and is best counteracted by keeping backups out of the reach of an infection. Traditional solutions include removable storage devices and cloud storage.
Deleting the Razy Ransomware with your installed anti-malware products will not restore any encrypted content, but will prevent the Trojan from damaging any newly-introduced data in the targeted locations. The Razy Ransomware is only compatible with Windows currently and targets files pertinent to Windows users, although it doesn't harm the folder in use for the Windows operating system. Until its campaign's distribution is detected and curtailed, Windows users will need to be especially aware of the dangers behind paying for what should be theirs in the first place.
Technical Details
File System Modifications
The following files were created in the system:

file.exe
File name: file.exe
Size: 946.68 KB (946688 bytes)
MD5: ec9c3efe831aaa203058927df7de6138
Detection count: 61
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: November 15, 2016

file.exe
File name: file.exe
Size: 163.84 KB (163840 bytes)
MD5: 93e551a1f52faea0d90ab9cd3d524ae9
Detection count: 49
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 2, 2016
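The write-up above gives a responder two concrete handles: the five user folders the Trojan encrypts wholesale (with the '.the Razy' extension appended) and the MD5 hashes of the two dropped executables. The following Python script is an added triage example, not code from this page's author or from EnigmaSoft. It scopes an infection by listing files carrying the Razy extension under each targeted folder (so they can be written off and restored from backup, as the text recommends) and checks any executable's MD5 against the two hashes listed under Technical Details. The function names, the idea of passing a profile root in, and the sample directory tree are all assumptions constructed for the demonstration.

```python
"""Triage helper for the Razy Ransomware indicators described in the write-up.

Added example; not code from the page's author or from EnigmaSoft.
Assumed (not from the page): function names, the caller-supplied profile
root, and the constructed sample tree built by build_sample_profile().
"""
import hashlib
from pathlib import Path

# Folders the write-up says Razy encrypts wholesale (relative to a user profile).
TARGET_DIRS = ("Desktop", "Documents", "Music", "Pictures", "Videos")

# Extension the write-up says is appended to every encrypted file.
RAZY_EXTENSION = ".the Razy"

# MD5 hashes of the two samples listed under Technical Details.
KNOWN_MD5 = {
    "ec9c3efe831aaa203058927df7de6138": "file.exe (946688 bytes)",
    "93e551a1f52faea0d90ab9cd3d524ae9": "file.exe (163840 bytes)",
}


def md5_of_file(path):
    """Return the hex MD5 of a file, streamed so large files are fine."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def match_known_sample(path):
    """Return the Technical Details label for a known sample, or None."""
    return KNOWN_MD5.get(md5_of_file(path))


def scope_encrypted_files(profile_root):
    """Map each targeted folder to the encrypted files found beneath it.

    Returns {folder_name: [posix-style paths relative to profile_root]} for
    folders that exist and contain at least one file with the Razy extension.
    Because the key is discarded, these files are lost and must be restored
    from backup rather than decrypted.
    """
    root = Path(profile_root)
    hits = {}
    for name in TARGET_DIRS:
        folder = root / name
        if not folder.is_dir():
            continue
        found = sorted(
            p.relative_to(root).as_posix()
            for p in folder.rglob("*")
            if p.is_file() and p.name.endswith(RAZY_EXTENSION)
        )
        if found:
            hits[name] = found
    return hits


def build_sample_profile(base):
    """Constructed sample user profile for offline demonstration only."""
    base = Path(base)
    (base / "Documents").mkdir(parents=True)
    (base / "Pictures" / "2016").mkdir(parents=True)
    (base / "Windows").mkdir()
    (base / "Documents" / "notes.txt.the Razy").write_bytes(b"\x00" * 16)
    (base / "Documents" / "untouched.txt").write_bytes(b"plain")
    (base / "Pictures" / "2016" / "cat.jpg.the Razy").write_bytes(b"\x00" * 16)
    # The write-up says the Windows folder itself is not harmed.
    (base / "Windows" / "notepad.exe").write_bytes(b"MZ")
    return base


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        profile = build_sample_profile(tmp)
        for folder, files in scope_encrypted_files(profile).items():
            print(f"{folder}: {len(files)} encrypted file(s)")
            for f in files:
                print("   ", f)
        print("Known Razy sample?", match_known_sample(profile / "Windows" / "notepad.exe"))
```

Run it against a real profile by calling scope_encrypted_files(r"C:\Users\<name>") instead of the constructed tree; the extension match is deliberately on the file name's tail rather than Path.suffix, because '.the Razy' contains a space and pathlib would not treat it as a suffix.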