Razy Ransomware Description
The Razy Ransomware is a Trojan that encrypts your content and may display ransom messages selling its victims a decryption service. Contrary to the implications of its ransom notes, the Razy Ransomware uses an encryption method that does not preserve the critical data required for restoring the affected files, and malware experts recommend not paying its fee. You should delete the Razy Ransomware through the usual anti-malware procedures and restore your content from any available backups.
When Your Files Start Razzing You
Most online and threat hoaxes struggle to balance the internal tensions between authenticity and misappropriated profitability, but nowhere is that trait more observable than with Trojans dedicated to ransoming data. Malware researchers have seen different threat authors responding to these issues in diverse ways, such as faking encryption attacks, claiming that their encryption algorithms are stronger than they are, and even misrepresenting deleted files as encrypted ones. The new Razy Ransomware shows another way Trojan developers can manipulate their victims to make money.
A German developer originally created the Razy Ransomware, supposedly for educational purposes, with links to early builds provided in his first sources. Although the developer claims not to be using the Trojan for attack campaigns, remote attackers have begun distributing the Razy Ransomware through unknown methods, infecting PC users seemingly arbitrarily.
The Razy Ransomware uses some features that it 'borrows' from the Cerber Ransomware, but malware experts determined that it's notably different from that Trojan regarding how it encrypts data. Instead of targeting files by their formats, the Razy Ransomware targets all content inside the following Windows directories:
The Razy Ransomware sends files in these folders through an AES encryption routine but discards the key needed for decrypting the content and restoring it. Despite that unusual step (either an oversight or an intentional, malicious act), the Razy Ransomware still displays ransom messages that offer to sell its victims a decryption service. Unlike the Cerber Ransomware, the Razy Ransomware doesn't use a live countdown to determine further actions, such as increases in ransoms or launching new attacks.
Taking the Sting out of Being Razzed by Trojans
Razy Ransomware infections are identifiable by their Cerber Ransomware-inspired ransom messages, their additional text-to-speech functions, and their appending of '.the Razy' extensions to encrypted content in the locations mentioned above. With its original developer disclaiming any knowledge of this threat's still-unidentified distribution model, the PC security sector will need time to determine whether the Razy Ransomware is installing itself by e-mail attachments, spam links, drive-by downloads or other methods.
Since there is no gain from paying the Razy Ransomware's ransom, malware experts suggest regarding all encrypted files as being de facto deleted. The irreversible nature of the Razy Ransomware's attack, while rare, is not unheard of among other Trojans of the same category, and is best counteracted by keeping backups out of the reach of an infection. Traditional solutions include removable storage devices and cloud storage.
Deleting the Razy Ransomware with your installed anti-malware products will not restore any encrypted content, but will prevent the Trojan from damaging any newly introduced data in the targeted locations. The Razy Ransomware is currently only compatible with Windows and targets files pertinent to Windows users, although it doesn't harm the folder in use for the Windows operating system. Until its campaign's distribution is detected and curtailed, Windows users will need to be especially aware of the dangers behind paying for what should be theirs in the first place.
File System Modifications
The following files were created in the system:
File name: file.exe
Size: 163.84 KB (163840 bytes)
Detection count: 49
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 2, 2016