
Rodentia Ransomware

Posted: July 16, 2019

The Rodentia Ransomware is a file-locking Trojan that's a revamped version of the Jigsaw Ransomware. Current samples include poorly-programmed encryption and may not be capable of locking your files, although threats from this family also may delete them under various conditions. Users should avoid rebooting without taking additional precautions for their files' safety and remove the Rodentia Ransomware with anti-malware products as soon as possible.

A Rodent with a Lying Tongue

Out of the many families of file-locking Trojans that are currently extant, the Jigsaw Ransomware is easily the most destructive, since its baseline features include both ways of blockading files and ways of erasing them outright. Although malware researchers see relatively few members of this family in 2019, some samples are active, including the MR.Z3B1 Ransomware, the DeltaSEC Ransomware, the YOLO Ransomware, and the French Anti-Capitalist Ransomware. As of early July, another member of the family is in development, with significant changes to the Trojan's notorious user interface: the Rodentia Ransomware.

The Rodentia Ransomware is classifiable as an in-development Trojan due to various factors, including a non-working encryption feature for locking files, and a self-contradicting disguise for its installer that pretends that it's a version of the Firefox browser and a 'very important' PDF document simultaneously. Once the user installs it, the Trojan functions not too differently from other versions of the Jigsaw Ransomware: it tries to encrypt the user's files (and fails, in current builds), adds a 'fucked' extension to their names, and generates a pop-up HTA window with its Bitcoin-ransoming demands.

Although the Rodentia Ransomware's warning message boasts about its security, the threat actor is using one of the least-secure encryption methods possible: a symmetric (non-asymmetric), hard-coded key. Users should be capable of unlocking their files with the help of any security researcher with experience in dealing with file-locker Trojans or similar, cryptography-oriented threats. As always, malware experts warn that future updates to the Rodentia Ransomware, which are likely to happen before its release, may alter this solution's viability.

Brushing Off the Rodents Gnawing at Your Work

Although the Rodentia Ransomware's new additions and changes to the Jigsaw Ransomware program's code are questionable, some of the original content remains intact and works as intended. The Rodentia Ransomware may delete files whenever it restarts, which it will do as Windows reboots unless the user takes appropriate precautions. The Rodentia Ransomware also includes the traditional, timer-based deletion loop, which will erase more of the user's files after a given number of hours.

When dealing with any member of the Jigsaw Ransomware family, malware experts recommend avoiding rebooting the PC without using the Safe Mode feature or, preferably, loading from a peripheral device, such as a recovery USB. After regaining system access without the Rodentia Ransomware being active, victims can, then, take further steps for disinfection and data recovery.
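As a first data-recovery step, the following read-only triage script inventories renamed files on a volume mounted from recovery media and checks whether each one still starts with the header of its original file type, since current builds may rename files without encrypting them. It is an added example, not code from this article or from any vendor tool; it assumes the extension is appended as a `.fucked` suffix, and the sample files it builds are constructed.

```python
import os
import tempfile

SUFFIX = ".fucked"  # extension named in this article; assumed appended to the original name
# Well-known leading "magic" bytes for a few common document types.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n",
         ".jpg": b"\xff\xd8\xff", ".docx": b"PK\x03\x04"}

def classify(path):
    """Return (original_path, status) for one renamed file; never modifies it."""
    original = path[: -len(SUFFIX)]
    ext = os.path.splitext(original)[1].lower()
    magic = MAGIC.get(ext)
    if magic is None:
        return original, "unknown-type"  # no header to compare; inspect by hand
    with open(path, "rb") as fh:
        head = fh.read(len(magic))
    return original, "intact" if head == magic else "altered"  # header heuristic only

def triage(root):
    """Walk root without writing and report every file carrying the suffix."""
    report = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(SUFFIX):
                full = os.path.join(dirpath, name)
                original, status = classify(full)
                report.append((os.path.relpath(full, root), os.path.basename(original), status))
    return sorted(report)

def build_sample(root):
    """Write a constructed sample tree (not real victim data)."""
    samples = {
        "report.pdf.fucked": b"%PDF-1.4 constructed",          # renamed only
        "photo.png.fucked": b"\x13\x37 constructed ciphertext",  # header destroyed
        "notes.txt.fucked": b"plain text has no magic",
        "untouched.pdf": b"%PDF-1.4 constructed",                # no suffix, ignored
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*triage(tmp), sep="\n")
```

Files reported as `intact` can be copied off and renamed on a clean machine; `altered` files are the ones to hand to a researcher for decryption.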

As usual, a majority of anti-malware vendors are identifying this Trojan, although most detections are under generic labels. Systems with any anti-malware protection should delete the Rodentia Ransomware automatically, without any additional intervention from the user.

Another rodent scurrying on top of the looming pile of Windows Trojans isn't very noteworthy, except for the inadequacy of its attacks. Anyone who's suffering from this threat's fangs should be happy that they're dealing with the easily-decrypted Rodentia Ransomware, rather than a more well-designed type of file-locker Trojan.
