
Rightsor Ransomware

Posted: September 11, 2018

The Rightsor Ransomware is a file-locker Trojan of an unknown family, if it belongs to one at all, that uses encryption to block media on your computer. Once it does so, it creates a text message telling you to pay Bitcoins for unlocking the files. Keeping backups made before an infection is always preferable to leaving your stored data open to a ransom demand, and various brands of anti-malware products should protect your PC by removing the Rightsor Ransomware automatically.

A Fresh Sore Right on Your Most Precious Files

A file-locking Trojan whose lineage is still unexplored is just starting to become identifiable in the cyber-security industry. The Rightsor Ransomware operates similarly to threats like the 'free' Open Tear project or the Ransomware-as-a-Service entity of the Crysis Ransomware: it blocks your files without alerting you to its non-consensual encoding process and then delivers text messages that ask for your money. While its impact may be limited, malware researchers have yet to finish examining all of the Rightsor Ransomware's possible features, and its campaign may not even be in a live-deployment status.

The Rightsor Ransomware's most likely encryption method is AES-256, which it uses for locking documents, archives, pictures, audio, movies, spreadsheets, and similar digital media. Depending on its exact implementation, the attack may or may not be secure against casual decryption efforts by third parties. The Rightsor Ransomware also adds '.rcrypted' extensions onto the names of the files it locks, and malware researchers are tying that extension solely to this Trojan's campaign, for now.
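The '.rcrypted' marker and the backup advice above can be combined into a scoping check after an incident. The following is an added example, not code from the original page or from any vendor: the `triage` and `demo` functions, the directory layout, and all file names are constructed, and it assumes the extension is appended to the full original file name.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_SUFFIX = ".rcrypted"  # extension this page ties to the Rightsor Ransomware


def triage(scan_root, backup_root):
    """Sort every *.rcrypted file under scan_root by whether a backup exists."""
    scan_root, backup_root = Path(scan_root), Path(backup_root)
    report = {"restorable": [], "no_backup": [], "by_type": Counter()}
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in files:
            # Skip unaffected files and a bare ".rcrypted" with no original name.
            if not name.lower().endswith(LOCKED_SUFFIX) or len(name) == len(LOCKED_SUFFIX):
                continue
            locked = Path(dirpath) / name
            # Assumption: the marker is appended, so stripping it restores the name.
            original = locked.relative_to(scan_root).with_name(name[: -len(LOCKED_SUFFIX)])
            report["by_type"][original.suffix.lower() or "(none)"] += 1
            candidate = backup_root / original
            # Presence and non-zero size only; backup contents are not verified.
            found = candidate.is_file() and candidate.stat().st_size > 0
            report["restorable" if found else "no_backup"].append(original.as_posix())
    report["restorable"].sort()
    report["no_backup"].sort()
    return report


def demo():
    """Run triage over a constructed tree (all file names are sample data)."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        for rel in ("docs/q3.xlsx.rcrypted", "docs/plan.docx.rcrypted",
                    "img/logo.PNG.RCRYPTED", "docs/untouched.txt", ".rcrypted"):
            path = live / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"\x00" * 16)
        for rel, data in (("docs/q3.xlsx", b"good copy"), ("img/logo.PNG", b"")):
            path = backup / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        return triage(live, backup)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, dict(value) if key == "by_type" else value)
```

Files listed under `no_backup` are the ones whose recovery would depend on a decryptor, which the anti-malware products discussed on this page do not provide.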

The 'readme' file that the Rightsor Ransomware includes as its ransoming instructions has several distinctive features, although the overall content is a copy-paste from other Trojans' payloads. Details that malware researchers found worth noting include:

  • A very high, thirty Bitcoin price for the file-unlocking service or decryptor. Since this translates into over a hundred thousand USD, the Rightsor Ransomware's threat actor is either unfamiliar with the cryptocurrency or is targeting wealthy victims, such as corporations.
  • A free sample of unlocking several files is available, although the threat actor specifies content that isn't 'valuable.'
  • Like many file-locker Trojans, the Rightsor Ransomware also adds a soft timing limitation that incrementally increases the cost of the ransom with each day that passes.

As with any less significant cryptocurrency transaction, paying the Rightsor Ransomware's fee gives the user no guarantee of getting a decryption service and saving their files.

A Right Way of Handling a Particularly Pricey Trojan

In attacks using ransoms of the size that the Rightsor Ransomware demands, malware researchers find most file-locker Trojans exploiting network vulnerabilities or careless behavior among e-mail users. Spam e-mail attachments may disguise themselves with fake invoice content, pretend that they're notifications from your local office equipment, or even address targets by name. Network logins that are vulnerable to brute-forcing can also give criminals ways of dropping threats of this classification onto one or more PCs while manually disabling any interfering security measures.

Longer, complex and non-standard passwords are adequate protection against many brute-force utilities that criminals use for gaining admin-level access to a network. With any tactic-based installation, most dedicated anti-malware applications should detect the Rightsor Ransomware or related threats regardless of superficial disguises like fake extensions or misleading names. The same products may also remove the Rightsor Ransomware infections, but can't 'unlock' or decrypt media.

The act of enabling a Word document's macros or keeping a factory-standard password active is, commonly, the first step in empowering Trojans like the Rightsor Ransomware. With the cost so high, users should be asking themselves if that's a risk worth taking.
