RotorCrypt Ransomware
Posted: November 3, 2016
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 23 |
| First Seen: | November 3, 2016 |
|---|---|
| Last Seen: | July 23, 2019 |
| OS(es) Affected: | Windows |
The RotorCrypt Ransomware is a Trojan that uses RSA encryption to encode and 'lock' your files so that they can't open. Most threat actors use similar attacks for collecting ransoms in return for a possible decryption feature, although paying isn't a definitive data recovery solution. Most symptoms appear after the infliction of damage to your files, and preventative security steps, such as allowing anti-malware programs to remove the RotorCrypt Ransomware infections immediately, are recommended.
One Piece of a File-Locking Machine
While English-based Trojans are, by far, the most common detection entries within most threat databases, individual nations with other languages are hardly immune to similar attacks. One relatively recent phenomenon demonstrating this fact is Russia's gradual transition into being a regular target of file-locking Trojans' campaigns, usually due to ill-minded admins without much interest or experience in working with other languages. These Trojans, such as the RotorCrypt Ransomware, often have less standardized payloads and may use data-locking methods that are difficult to crack.
Despite most campaigns of this type focusing on extorting money with the help of bundled text or HTML messages, the RotorCrypt Ransomware doesn't appear to be dropping any ransom notes for the victims of its attacks. The RotorCrypt Ransomware infections do use common, asymptomatic encryption features to block media on the infected PC, but use RSA instead of the more typical AES or XOR algorithms. It edits the name of all blocked data by inserting a '.rar' extension and the e-mail of its threat actor, which may be a Tutamail, Protonmail or Gmail address.
Malware researchers most often see payloads like the RotorCrypt Ransomware's attacks related to expectations that the user will contact the provided email for 'help' with unlocking their files automatically. Con artists are especially likely to ask for payment for their assistance through transactions without safe refund policies, including cryptocurrencies or prepaid vouchers.
Breaking the Trojan Machinery Operating against Your Interests
While the RotorCrypt Ransomware has undergone various updates, associated with rotating its contact addresses primarily, its fundamental features of locking files with RSA encoding remains consistent between versions. Secure backup strategies, such as copying files to detachable devices, always give potential victims of these attacks the optimal data recovery solutions without any need to contact security researchers for decryption help. Users should refrain from paying or acknowledging other demands from the RotorCrypt Ransomware's threat actors, if possible since con artists-endorsed decryptors are unreliable or fraudulent frequently.
While the RotorCrypt Ransomware is likely to undergo changes to its distribution strategies over the coming weeks, malware analysts relate it to fake RDP software downloads currently. Over two-thirds of most brands of anti-malware products are identifying this Trojan as a threat without requiring any further updates for accuracy. Decoding an RSA cipher isn't always possible, and blocking and deleting the RotorCrypt Ransomware as soon as possible with appropriate security software is the only way of guaranteeing that it can't damage files permanently.
Highly regionally-specific campaigns like the RotorCrypt Ransomware's attacks are more likely than not to use equally localized infection exploits. Russian Web surfers should stay alert to possible hoaxes that might install file-locking threats before they have to deal with the consequences.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.