Rector Ransomware

Posted: July 2, 2015
Threat Metric
Threat Level: 8/10
Infected PCs 26

Rector Ransomware Description

The Rector Ransomware (also IDed as Trojan-Ransom.Win32.Rector or Ransom:Win32/Rector.A) is a file encryption Trojan that deprives you of access to your files in exchange for demanding a ransom. The Rector Ransomware's attacks may be accompanied by automatic network contact with remote servers, as well as changes in file names. As with any ransomware campaign, malware experts suggest that you ignore the Rector Ransomware's ransom demand and use proper anti-malware products to delete the Rector Ransomware and restore your computer.

The Files Renamed into Ransoms

Many file encryption campaigns incorporate sophisticated techniques for demanding ransoms from their victims, ranging from changing their desktop images to generating new text files. However, malware researchers also have seen recent fads in file encrypting strategies that don't require anything more onerous than changing the names of the attacked files. The Rector Ransomware is an example of one such Trojan that recently has been seen using this technique as a means of delivering its ransom demands seamlessly alongside its file encrypting attacks.

The Rector Ransomware is a Windows-based threat and may make automatic modifications to utilities like the Windows Firewall to allow its features to function as intended. Post installation, the Rector Ransomware scans for files of common types and appends the .CBF type suffix, although the Rector Ransomware doesn't convert the files to true CBF (or Calendar Builder) files. However, PC owners are more likely to notice the addition of e-mail addresses and ID code strings to the file names. These changes are implicitly meant to provide the victims with a means of communication with the would-be file ransomer.

Along with these aesthetic changes, the Rector Ransomware also encrypts the affected files, a process that makes them unable to be opened or read until reversed. As of this article's writing, there is at least one freely downloadable Rector Ransomware decryptor (RectorDecryptor). However, this tool has failed at reversing the decryption attacks of the latest versions of the Rector Ransomware.

PC users choosing to initiate contact with the Rector Ransomware's administrator through the e-mail address (which has varied at least twice in recent the Rector Ransomware attacks) are demanded to pay a cash ransom. Average ransoms may range as high as 1000 USD, with no guarantee of its perpetrators following through on their promises of providing decryption.

Stopping Your Files from Being a Ransom Message

Although many of the most recently dated Rector Ransomware attacks affect Russian systems, the Rector Ransomware isn't a region specific threat, and can encrypt files without any respect for their contents or language type. Besides the highly visible elements of its file renaming attacks, the Rector Ransomware also can be identified through its automated network communications. Open network ports, particularly port 3389, may be symptoms of the presence of the Rector Ransomware or similar network-capable Trojans.

Even though there are pieces of evidence indicating that the Rector Ransomware campaigns have become linked to compromised terminal servers, malware analysts haven't identified all of the Rector Ransomware's possible transmission methods. Regardless of how the Rector Ransomware installs itself, deleting the Rector Ransomware and disinfecting your PC should be a security priority, even over preserving any endangered file data. In cases where free utilities are inadequate at reversing the Rector Ransomware's attacks, victims can further protect themselves by using remote storage solutions for any files at risk.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Rector Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Related Posts

Home Malware Programs Ransomware Rector Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.