Relec Ransomware

Posted: November 13, 2017

Relec Ransomware Description

The Relec Ransomware is an in-development Trojan that claims to lock your files with encryption and generates pop-up forms asking you to pay Bitcoins for unlocking them. Although the Relec Ransomware is incomplete, an updated version of this threat could block media permanently, change security and cosmetic system settings automatically, and communicate with an external server. Users should assume that this Trojan is capable of damaging their data and use anti-malware programs to block and remove the Relec Ransomware, while restoring their files from backups, as appropriate.

<3>A New Brood of Python Trojans

Although malware researchers often see Python-based Trojans using the same file-locking properties as projects like Hidden Tear, these threats can arrive in different stages of development. Finished ones, like CypherPy Ransomware, contrast with works-in-progress like the Relec Ransomware, which makes its source code available for free. Although its author claims that the Relec Ransomware is for 'educational purposes' only, the outline of its future payload equips this Trojan with all of the features appropriate for extorting money from various PC users theoretically.

Malware analysts have yet to see versions of the Relec Ransomware with working encryption, and the Trojan also does not include any current features for changing the names of the files it's supposedly capable of locking. However, most other characteristics of the Trojan's payload do function as intended, including a feature for resetting the desktop's wallpaper to an image that the Relec Ransomware downloads, a Notepad text-based ransom note, and a pop-up dialog box. The last of these items includes a built-in ransoming demand that asks for 'one Bitcoin,' sent to a placeholder address, to buy the key for decoding and unblocking your media.

Other, potential features that the Relec Ransomware's author plans to include are as follows:

  • Extension-targeting attacks may filter what types of media to block according to their formats, such as DOC, PNG or PDF.
  • A bundled decryption feature may decode and unlock your files, but only once you input the custom key (which the Relec Ransomware uploads to a C&C server theoretically).
  • A limited, Windows API-based structure that allows the Relec Ransomware to run in a wide variety of Windows environments without requiring specific libraries such as MFC.

Keeping Hacking Warnings from Being a Cause for Concern

Whether or not its file-locking functionality triggers, the Relec Ransomware generates its pop-up alerts automatically claiming that it's attacked your computer and damaged its local media successfully. If it does receive sufficient development attention to be capable of delivering these attacks, victims may identify any encoded content by its refusal to open in related programs, with documents, pictures, and other, work-related media being preferable targets especially. Readers also should be aware of the natural risks of paying Bitcoin ransoms, which con artists like the Relec Ransomware's authors may accept without any intention of providing a decryption service back to the user.

The Relec Ransomware is compatible with a diverse range of Windows environments and has an executable size of a negligible 250 kilobytes. While malware experts can only estimate its potential distribution strategies, threat actors often install file-locking Trojans by spamming e-mail attachments or phishing local server logins. Always have your anti-malware products scanning new files to delete the Relec Ransomware as soon as possible, and schedule regular backups to keep your media safe from attacks abusing cryptography that may not be breakable.

The Relec Ransomware's author appears to have high hopes about the potential of this Trojan, whose development plan is boasting a flexible variety of low-footprint features. Whether it stays crippled or becomes upgraded to a more severe threat, your best protection from the Relec Ransomware is the combined strength of a rigorous backup schedule and dedicated security products.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Relec Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Ransomware Relec Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.