Razy Ransomware

Posted: August 1, 2016
Threat Metric
Threat Level: 10/10
Infected PCs: 51

Razy Ransomware Description

The Razy Ransomware is a Trojan that encrypts your content and may display ransom messages selling its victims a decryption service. Contrary to the implications of its ransom notes, the Razy Ransomware uses an encryption method that does not preserve critical data required for restoring the affected files, and malware experts particularly recommend not paying its fee. You should delete the Razy Ransomware through the usual anti-malware procedures and restore your content from any available backups.

When Your Files Start Razzing You

Most online and threat hoaxes struggle to balance the internal tensions between authenticity and misappropriated profitability, but nowhere is that trait more observable than with Trojans dedicated to ransoming data. Malware researchers have seen different threat authors respond to these issues in diverse ways, such as faking encryption attacks, claiming that their encryption algorithms are stronger than they are, and even misrepresenting deleted files as encrypted ones. The new Razy Ransomware shows another way Trojan developers can manipulate their victims to make money.

A German developer originally created the Razy Ransomware for supposedly educational purposes, with links to early builds provided in his first sources. Although the developer claims not to be using the Trojan for attack campaigns, remote attackers have begun distributing the Razy Ransomware through unknown methods, infecting PC users seemingly arbitrarily.

The Razy Ransomware uses some features that it 'borrows' from the Cerber Ransomware, but malware experts determined that it's notably different from that Trojan regarding how it encrypts data. Instead of targeting files by their formats, the Razy Ransomware targets all content inside the following Windows directories:

  • Desktop
  • Documents
  • Music
  • Pictures
  • Videos

The Razy Ransomware sends files in these folders through an AES encryption routine but discards the key needed for decrypting the content and restoring it. Despite that unusual step (either an oversight or an intentional, malicious act), the Razy Ransomware still displays ransom messages that offer to sell its victims a decryption service. Unlike the Cerber Ransomware, the Razy Ransomware doesn't use a live countdown to determine further actions, such as increases in ransoms or launching new attacks.

Taking the Sting out of Being Razzed by Trojans

The Razy Ransomware infections are identifiable by their Cerber Ransomware-inspired ransom messages, their additional text-to-speech functions, and their appending of '.the Razy' extensions to encrypted content in the locations mentioned above. With its original developer disclaiming any knowledge of this threat's still-unidentified distribution model, the PC security sector will need time to determine whether the Razy Ransomware is installing itself by e-mail attachments, spam links, drive-by-downloads or other methods.

Since there is no gain from paying the Razy Ransomware's ransom, malware experts suggest regarding all encrypted files as being de facto deleted. The irreversible nature of the Razy Ransomware's attack, while rare, is not unheard of among other Trojans of the same category, and is best counteracted by keeping backups out of the reach of an infection. Traditional solutions include removable storage devices and cloud storage.

Deleting the Razy Ransomware with your installed anti-malware products will not restore any encrypted content, but will prevent the Trojan from damaging any newly-introduced data in the targeted locations. The Razy Ransomware is currently compatible only with Windows and targets files pertinent to Windows users, although it doesn't harm the folder in use for the Windows operating system. Until its campaign's distribution is detected and curtailed, Windows users will need to be especially aware of the dangers behind paying for what should be theirs in the first place.
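
Because the encrypted files have to be treated as lost and pulled back from backup, the first recovery task is scoping: which original files in the five targeted folders need restoring, and which files are still intact. The following is an added example, not code from this article or from any vendor tool. The function name and the constructed sample profile are assumptions, and the appended extension is passed in by the caller as observed on the affected machine (the demo uses a made-up placeholder suffix).

```python
import os
import tempfile
from pathlib import Path

# The five user-profile folders the article lists as targeted.
TARGET_FOLDERS = ("Desktop", "Documents", "Music", "Pictures", "Videos")


def build_restore_manifest(profile_dir, suffix):
    """Map each targeted folder to the original paths that must be restored.

    `suffix` is the extension appended to encrypted files (leading dot
    included). Returned paths are relative to the profile and have the
    suffix stripped, so they can be matched against a backup catalogue.
    """
    if not suffix.startswith(".") or len(suffix) < 2:
        raise ValueError("suffix must include the leading dot")
    profile = Path(profile_dir)
    manifest = {}
    for folder in TARGET_FOLDERS:
        entry = {"encrypted": [], "intact": 0}
        root = profile / folder
        if root.is_dir():
            # os.walk does not follow symlinks by default, so the scan
            # stays inside the profile.
            for dirpath, _dirs, files in os.walk(root):
                for name in files:
                    hit = name.lower().endswith(suffix.lower())
                    if hit and len(name) > len(suffix):
                        original = Path(dirpath, name[: -len(suffix)])
                        rel = original.relative_to(profile).as_posix()
                        entry["encrypted"].append(rel)
                    else:
                        entry["intact"] += 1
        entry["encrypted"].sort()
        manifest[folder] = entry
    return manifest


def demo():
    """Run the scan over a constructed profile tree (sample data only)."""
    suffix = ".locked-sample"  # constructed placeholder, not a real indicator
    with tempfile.TemporaryDirectory() as tmp:
        tax = Path(tmp, "Documents", "tax")
        tax.mkdir(parents=True)
        (tax / ("2015.xlsx" + suffix)).write_bytes(b"x")
        Path(tmp, "Documents", "new-note.txt").write_text("made after cleanup")
        Path(tmp, "Pictures").mkdir()
        Path(tmp, "Pictures", "cat.jpg" + suffix.upper()).write_bytes(b"x")
        return build_restore_manifest(tmp, suffix)
```

Files counted as intact were either created after the Trojan was removed or never touched; a growing encrypted list on a later run means the infection is still active.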


Technical Details

File System Modifications


The following files were created in the system:



File name: file.exe
Size: 163.84 KB (163840 bytes)
MD5: 93e551a1f52faea0d90ab9cd3d524ae9
Detection count: 49
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 2, 2016
