Rijndael Ransomware
Posted: April 4, 2017
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 11 |
| First Seen: | April 4, 2017 |
|---|---|
| OS(es) Affected: | Windows |
The Rijndael Ransomware is an update of the DNRansomware, which locks your screen with ransom demands that it motivates by blocking your files with a cipher. Any users needing to recover their data should look to free decryption solutions or backups while following this article's recommendations for unlocking their screens. Various anti-malware products also can provide protection that removes the Rijndael Ransomware before any encryption begins.
A River's Worth of Encryption Problems
The now rarely-used name of Rijndael, the alternative label for the AES encryption standard, is a Dutch play on the words referencing the river Rhine ('rijn') and a valley ('dael'). Now, an update to the DNRansomware campaign is including references to the Rijndael standard in its ransoming messages, along with supposed improvements to the encryption attack. Whether the extortionists are using the Rijndael label out of familiarity for its Dutch origins, or for confusing its victims, malware experts find the threat no stronger than past versions of the DNRansomware.
Instead of targeting Chrome users, the Rijndael Ransomware installs itself by appealing to individuals interested in generating Bitcoins through a specialized mining application. After installing through the fake Bitcoin miner, the Rijndael Ransomware can encrypt documents, archives, and other media or any immediate symptoms automatically. The Trojan uses an AES algorithm for this purpose and appends the '.fucked' extension to the names (also a symptom of other threats, such as the EnkripsiPC Ransomware).
Malware experts also conclude that the Rijndael Ransomware is one of an increasing number of file-encrypting Trojans that disable the victim's desktop accessibility by loading a non-minimizing pop-up. The Rijndael Ransomware's screen-locker includes an adjustable e-mail address, for contacting its author, humanpuff69, and entering into ransom negotiations for the decryptor. He asks for 0.5 Bitcoins currently, equal to roughly 567 USD, which the victim can't refund if he chooses not to provide the decryption service.
Damming Up a Threat Actor's Flow of Ransoms
Honesty isn't a quality in high demand to people engaging in cyber extortion, and the Rijndael Ransomware shows many of the characteristic traits of hoax-based Trojans, including exaggerating the quality of its encryption. Other companies have updated their free decryption software to be compatible with any media that the Rijndael Ransomware locks, which gives victims without the wisdom to back up their files another way out. Backing up content to an isolated drive or server is highly recommended by malware experts to keep threats like the Rijndael Ransomware from forcing you into paying their ransoms for the chance of recovering your files.
Just like the DNRansomware, the Rijndael Ransomware uses a hard-coded unlocking mechanism that remains consistent between separate infections. Current versions of the Rijndael Ransomware use the '83KYG9NW-3K39V-2T3HJ-93F3Q-GT' key to unlock their pop-ups. However, users should run anti-malware tools to disinfect their PCs and contain or delete the Rijndael Ransomware safely as soon as possible afterward.
Con artists are students of human nature just as much as any philosopher and understand that the drive to make money out of nothing from a Bitcoin miner is a powerful incentive for installing unknown software. Give your security tools a chance to analyze these downloads, and you may be saving your files from a fate even more expensive than the Rijndael Ransomware's attacks.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.