
Rokku Ransomware

Posted: March 22, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 88
First Seen: March 22, 2016
OS(es) Affected: Windows


The Rokku Ransomware is a file encryptor: a Trojan that damages your PC's information in the hope of selling a decryption service that reverses the effect. Not all file encryptors are sufficiently well-designed to provide a real decryption function in exchange, and con artists may also fail to provide the service even after you pay them. You can counter these risks by using other data preservation strategies, such as secure backups, and by using anti-malware products to uninstall the Rokku Ransomware.

A File Lockdown with Mercenary Justifications

When judged by their payloads and overt symptoms, new threats often resemble similar threats released recently, and may even be visually indistinguishable from such fellow Trojans. However, major internal differences that the average victim cannot identify can set these new threats apart and drastically reduce their chances of being identified by anti-malware tools. The Rokku Ransomware shows symptoms remarkably similar to those of other file encryptors of the year, but couples those symptoms with very low detection rates.

Out of almost sixty separate anti-malware products, only a handful have provided accurate alerts regarding samples of the Rokku Ransomware. The Rokku Ransomware's campaign dates to the middle of March, although malware experts are still working to identify its infection vectors. Distribution strategies used by previous file encryptors have focused on e-mail installers, such as Trojan droppers attached to fake delivery messages.

After its installation phase, the Rokku Ransomware scans for files such as images, audio, spreadsheets or documents. Appropriate file types are encrypted, a process that makes any associated programs unable to interpret them. The Rokku Ransomware also adds a new file extension to each name, '.the Rokku,' in what appears to be a play on words (since 'the Rokku' is one way of transliterating the English word 'lock' into Japanese).

As per the usual standards for file encryptors, the Rokku Ransomware also generates decryption-purchasing instructions in several formats and places them in the same folders as all encrypted information. Victims are expected to pay the Rokku Ransomware's authors a fee through TOR, which the con artists supposedly will reciprocate by delivering a file-decrypting service for the infected machine.

The File Locker that's Easier to Open than You might Assume

The Rokku Ransomware could blindside PC owners who assume that previous security measures will remain viable against new threats indefinitely. Despite this limited success on its part, malware researchers continue to recommend multiple, isolated backups as the safest way of keeping the Rokku Ransomware from encrypting any irreplaceable information. Alternately, victims can continue submitting samples of the Rokku Ransomware files to PC security institutions in the hope that free decryptors specialized for the Rokku Ransomware will be developed, as has been the case with previous file encryptors.

Although its file name choices are Eastern-leaning, the Rokku Ransomware's HTML and TXT ransom messages all target English-speaking PC owners. If, as malware experts recommend, you have no interest in paying the Rokku Ransomware's ransom, scanning unusual files with your anti-malware products is still your best defense against a Rokku Ransomware installer. You should delete the Rokku Ransomware from your PC before restoring or decrypting any '.the Rokku' files.

What detections are available for the Rokku Ransomware will identify it as a variant of a previous family of Trojans, such as Win32/Genasom or Win32.Deshacop.

Technical Details

File System Modifications


The following files were created in the system:



File name: file.exe
Size: 681.98 KB (681984 bytes)
MD5: 97512f4617019c907cd0f88193039e7c
Detection count: 52
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 22, 2016