Rozlok Ransomware

Posted: January 2, 2018

Rozlok Ransomware Description

The Rozlok Ransomware is a variant of the RSA2048Pro Ransomware whose campaign is tailored to Russian-speaking victims. File-locking Trojans of this family encrypt many data formats, potentially beyond recovery, and drop text messages demanding payment for their return. Secure, offline backups are the most direct protection for your files; beyond that, anti-malware software capable of removing the Rozlok Ransomware safely limits the damage.

One Ukrainian's Gift to Russian PCs

Whether the choice of targets is coincidental or a deliberate political message, malware analysts are observing a new file-locking campaign attacking Russian PCs from Ukraine. The threat actors install the Rozlok Ransomware by hand over Remote Desktop sessions, which they most likely obtain by brute-forcing the password of an account on a system whose Remote Desktop service is reachable over the network; this is credential abuse rather than a software vulnerability in Remote Desktop itself. Other infection vectors tied to this campaign include compromised websites with themes related to the Christmas holidays, sporting events and the automotive industry.
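The brute-force-then-manual-execution pattern described above is something a defender can hunt for in Windows Security event data. The following is an added example, not code from this page or from any vendor: it parses a constructed, flattened export of logon events (4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive, i.e. RDP) and flags a source address that racks up many RDP failures in a short window and then lands a successful RDP logon. The record format, the sample records, the detection thresholds and the function names are assumptions made for illustration.

```python
"""Hunt for RDP password brute-forcing followed by a successful RDP logon.

Added example. The record format is a simplified, constructed flattening of
Windows Security events; the thresholds are assumptions, not published values.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# One record per line: <ISO timestamp> <EventID> <LogonType> <TargetUserName> <IpAddress>
# 4625 = failed logon, 4624 = successful logon, LogonType 10 = RemoteInteractive (RDP).
# Constructed sample: a password spray from 203.0.113.45 that ends in a successful
# administrator logon, and a user on 198.51.100.7 who simply mistyped twice.
SAMPLE_EVENTS = """\
2017-12-30T02:14:01 4625 10 administrator 203.0.113.45
2017-12-30T02:14:03 4625 10 admin 203.0.113.45
2017-12-30T02:14:06 4625 10 administrator 203.0.113.45
2017-12-30T02:14:09 4625 10 user 203.0.113.45
2017-12-30T02:14:12 4625 10 administrator 203.0.113.45
2017-12-30T02:14:15 4625 10 guest 203.0.113.45
2017-12-30T02:14:18 4625 10 administrator 203.0.113.45
2017-12-30T02:14:21 4625 10 admin 203.0.113.45
2017-12-30T02:14:24 4625 10 administrator 203.0.113.45
2017-12-30T02:14:27 4625 10 administrator 203.0.113.45
2017-12-30T02:14:30 4625 10 admin 203.0.113.45
2017-12-30T02:14:33 4625 10 administrator 203.0.113.45
2017-12-30T02:21:40 4624 10 administrator 203.0.113.45
2017-12-30T09:05:12 4625 10 jsmith 198.51.100.7
2017-12-30T09:05:40 4625 10 jsmith 198.51.100.7
2017-12-30T09:06:00 4624 10 jsmith 198.51.100.7
"""

FAIL_THRESHOLD = 10                     # assumed: RDP failures per source inside WINDOW
WINDOW = timedelta(minutes=10)          # assumed: spray detection window
SUCCESS_GRACE = timedelta(minutes=60)   # assumed: how soon after the spray a success counts


def parse_events(text):
    """Parse the flattened export into dicts, oldest first."""
    events = []
    for line in text.strip().splitlines():
        ts, event_id, logon_type, user, ip = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "event_id": int(event_id),
                       "logon_type": int(logon_type), "user": user, "ip": ip})
    return sorted(events, key=lambda e: e["ts"])


def find_rdp_bruteforce(events):
    """Return one finding per source IP whose RDP failures reach FAIL_THRESHOLD
    inside WINDOW; each finding records whether an RDP success followed."""
    by_ip = defaultdict(list)
    for e in events:
        if e["logon_type"] == 10:           # only RDP logons matter here
            by_ip[e["ip"]].append(e)

    findings = []
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e["event_id"] == 4625]
        successes = [e for e in evs if e["event_id"] == 4624]
        start = 0
        for end in range(len(failures)):    # sliding window over the failures
            while failures[end]["ts"] - failures[start]["ts"] > WINDOW:
                start += 1
            if end - start + 1 < FAIL_THRESHOLD:
                continue
            spray = failures[start:end + 1]
            spray_end = spray[-1]["ts"]
            success = next((s for s in successes
                            if spray[0]["ts"] <= s["ts"] <= spray_end + SUCCESS_GRACE), None)
            findings.append({
                "ip": ip,
                "first_failure": spray[0]["ts"].isoformat(),
                "failures": len(spray),
                "distinct_users": len({e["user"] for e in spray}),
                "success_user": success["user"] if success else None,
            })
            break                           # one finding per source is enough
    return findings


if __name__ == "__main__":
    for f in find_rdp_bruteforce(parse_events(SAMPLE_EVENTS)):
        status = f"then logged in as {f['success_user']}" if f["success_user"] else "no success seen"
        print(f"{f['ip']}: {f['failures']} RDP failures across {f['distinct_users']} accounts "
              f"from {f['first_failure']}, {status}")
```

A spray that ends in a type-10 success is the moment the operator gets an interactive desktop and can drop the Trojan by hand, so that finding deserves an immediate look at what ran on the host afterwards; a spray with no success is still worth blocking at the firewall.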

The Rozlok Ransomware's encryption is reported as AES-256 in 'SHS' mode rather than the more commonly used CBC; 'SHS' is not a standard block-cipher mode name (NIST uses it for the Secure Hash Standard), so treat that detail as unverified. The key handling is the part that matters for recovery: the Trojan generates a fresh AES key for every file it encrypts and wraps each one with an RSA-2048 public key, so the per-file keys can be recovered only with the attackers' matching private key, which never reaches the victim's machine. The original payload is most likely a minor update of the RSA2048Pro Ransomware, although some sources report this Trojan as a variant of the Vortex Ransomware. Files the Trojan has locked carry the '.aes' extension, which victims can search for to identify the affected content.

One significant, recurring discrepancy in its payload is that the Rozlok Ransomware's attack sometimes fails to encrypt Outlook data files even though it renames them. Malware experts confirm that restoring the original extension is the only action needed to recover the message files specific to this e-mail client; this does not apply to any other format, and a file's header should be checked for intact plaintext before the rename is trusted.
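Since the Outlook exception above depends on whether a given file was really encrypted or only renamed, a triage pass should check before renaming anything. The following added example (not from this page or from any vendor tool) walks a folder for files carrying the '.aes' extension, assumed here to be appended to the original name (for example mail.pst.aes), and classifies each by its header: an Outlook PST/OST file that still starts with the signature bytes '!BDN' was never encrypted and can safely get its old name back, while a header of near-random bytes is ciphertext and must be left for a real decryptor. The demo folder, its files, the entropy ceiling and the function names are constructed assumptions.

```python
"""Triage '.aes'-renamed files: which were really encrypted, which only renamed.

Added example. Assumes the Trojan appends '.aes' to the original file name
(mail.pst -> mail.pst.aes); the sample files are constructed, not real samples.
"""
import math
import os
import tempfile
from pathlib import Path

LOCKED_EXT = ".aes"
PST_MAGIC = b"!BDN"          # bytes at offset 0 of every Outlook PST/OST data file
ENTROPY_CEILING = 7.2        # assumed: bits/byte at or above which a header is treated as ciphertext
HEAD_BYTES = 4096            # how much of each file to inspect


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; AES output is close to 8, text and most headers far lower."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify(original_name: str, head: bytes) -> str:
    """'untouched_outlook' if an Outlook data file still carries its plaintext
    signature, 'encrypted' if the header looks like ciphertext, else 'unknown'."""
    ext = Path(original_name).suffix.lower()
    if ext in (".pst", ".ost") and head.startswith(PST_MAGIC):
        return "untouched_outlook"
    if shannon_entropy(head) >= ENTROPY_CEILING:
        return "encrypted"
    return "unknown"             # intact but not Outlook: leave for a human to decide


def triage(root, rename=False):
    """Map each locked file name to its verdict; with rename=True, give untouched
    Outlook files their original name back and leave everything else alone."""
    results = {}
    for path in Path(root).rglob(f"*{LOCKED_EXT}"):
        original = path.with_suffix("")             # mail.pst.aes -> mail.pst
        head = path.read_bytes()[:HEAD_BYTES]
        verdict = classify(original.name, head)
        if verdict == "untouched_outlook" and rename:
            path.rename(original)
        results[path.name] = verdict
    return results


def build_demo_dir() -> str:
    """Constructed stand-in for a victim's folder (no real malware output involved)."""
    root = Path(tempfile.mkdtemp(prefix="rozlok_triage_"))
    # Outlook file the Trojan renamed but did not encrypt: signature still present
    (root / "mail.pst.aes").write_bytes(PST_MAGIC + b"\x00" * 60 + b"Inbox " * 200)
    # a document that really was encrypted: header is indistinguishable from random
    (root / "report.docx.aes").write_bytes(os.urandom(HEAD_BYTES))
    # an Outlook file whose header was overwritten: must not be renamed
    (root / "archive.ost.aes").write_bytes(os.urandom(HEAD_BYTES))
    # a text file that was renamed but left intact: not Outlook, so no automatic rename
    (root / "notes.txt.aes").write_bytes(b"plain text " * 300)
    return str(root)


if __name__ == "__main__":
    demo = build_demo_dir()
    for name, verdict in sorted(triage(demo).items()):   # dry run first
        print(f"{name}: {verdict}")
    triage(demo, rename=True)
    print("remaining locked files:", sorted(p.name for p in Path(demo).glob("*.aes")))
```

Run it with `rename=False` first and review the verdicts, then with `rename=True`, and only ever on a copy of the affected volume; 'unknown' files that are plainly readable can be renamed by hand, and 'encrypted' ones stay as they are until a decryptor exists.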

Paying the Lowest Price for Your Digital Property

Unless significant, unforeseen weaknesses in the Rozlok Ransomware's encryption mechanism come to light, malware researchers judge it unlikely that free decryption ever will be possible. Victims also should ignore the ransom demands, which the Rozlok Ransomware drops as plain-text TXT notes for viewing in Notepad; the Trojan's threat actors are under no obligation to respond after taking payment. Although the Rozlok Ransomware does attack local backups, backups kept on a secure secondary storage device or server that is not left permanently connected provide a reliable file-recovery path.

Disabling JavaScript, Flash and advertising content in your Web browser reduces the attack surface that the cybercrooks can use for infecting your computer through compromised websites. Most anti-malware products also block exploit kits and the other threats that traditionally install file-locking Trojans. Strong, unique passwords, together with limiting who can reach Remote Desktop, stop most brute-force attacks, and most anti-malware programs can uninstall the Rozlok Ransomware safely, although removal does not restore any data it already locked.

Over the past two years, malware researchers have seen more campaigns using various strategies for long-distance extortion and for stealing or damaging the digital media of Russian users. No nation has impenetrable borders against cyber-crime, even when the aggressor is just another file-locker Trojan like the Rozlok Ransomware.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Rozlok Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.


Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

