Rozlok Ransomware Description
The Rozlok Ransomware is a variant of the RSA2048Pro Ransomware whose campaign is tailored to Russian-speaking victims. These file-locking Trojans can block access to many formats of data, potentially permanently, and drop text messages asking you to pay for their recovery. Secure backups are the most direct protection you can give your files against this threat, alongside anti-malware software capable of removing the Rozlok Ransomware safely.
One Ukrainian's Gift to Russian PCs
Whether the choice of targets is coincidental or a deliberate political message, malware analysts are observing a new file-locking campaign attacking Russian PCs from Ukraine. The threat actors install the Rozlok Ransomware through Remote Desktop access that lets them run programs manually, most likely after brute-forcing the system's network password. Other infection vectors related to this campaign include compromised websites running themes associated with the Christmas holidays, sporting events, and the automotive industry.
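Because the campaign's primary entry point is a brute-forced Remote Desktop password, the most useful early warning is a burst of failed RDP logons from one source followed by a success. The following is an added detection example, not part of the original description and not the product of any vendor named here; it runs over a constructed set of records in the shape of Windows Security events (4625 = failed logon, 4624 = successful logon, LogonType 10 = RemoteInteractive, i.e. RDP) and flags sources that exceed a failure threshold inside a sliding window. The sample addresses, usernames and timestamps are constructed, and the threshold and window are assumptions to be tuned per environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records modelled on Windows Security log events.
# 203.0.113.7 hammers the Administrator account over RDP and then gets in;
# 198.51.100.5 is a user mistyping a password twice; 192.0.2.9 is a network
# (LogonType 3) failure that this RDP-focused rule deliberately ignores.
SAMPLE_EVENTS = [
    {"time": "2017-12-20T03:14:05", "id": 4625, "logon_type": 10, "src": "203.0.113.7", "user": "Administrator"},
    {"time": "2017-12-20T03:14:21", "id": 4625, "logon_type": 10, "src": "203.0.113.7", "user": "Administrator"},
    {"time": "2017-12-20T03:14:40", "id": 4625, "logon_type": 10, "src": "203.0.113.7", "user": "admin"},
    {"time": "2017-12-20T03:15:02", "id": 4625, "logon_type": 10, "src": "203.0.113.7", "user": "Administrator"},
    {"time": "2017-12-20T03:15:30", "id": 4625, "logon_type": 10, "src": "203.0.113.7", "user": "Administrator"},
    {"time": "2017-12-20T03:16:11", "id": 4625, "logon_type": 10, "src": "203.0.113.7", "user": "Administrator"},
    {"time": "2017-12-20T03:16:45", "id": 4624, "logon_type": 10, "src": "203.0.113.7", "user": "Administrator"},
    {"time": "2017-12-20T09:01:10", "id": 4625, "logon_type": 10, "src": "198.51.100.5", "user": "alice"},
    {"time": "2017-12-20T09:01:40", "id": 4625, "logon_type": 10, "src": "198.51.100.5", "user": "alice"},
    {"time": "2017-12-20T09:02:05", "id": 4624, "logon_type": 10, "src": "198.51.100.5", "user": "alice"},
    {"time": "2017-12-20T11:30:00", "id": 4625, "logon_type": 3, "src": "192.0.2.9", "user": "svc_backup"},
]

RDP_LOGON_TYPE = 10  # RemoteInteractive


def parse_time(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")


def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: details} for sources with >= threshold failed RDP
    logons inside any `window`, noting whether a success followed the attempts
    (the pattern that precedes manual ransomware deployment)."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["logon_type"] != RDP_LOGON_TYPE:
            continue
        by_src[ev["src"]].append((parse_time(ev["time"]), ev["id"], ev["user"]))

    alerts = {}
    for src, evs in by_src.items():
        evs.sort()
        fails = [t for t, eid, _ in evs if eid == 4625]
        # Sliding window over the sorted failure timestamps: largest count
        # of failures whose first and last fall within `window`.
        best, start = 0, 0
        for end in range(len(fails)):
            while fails[end] - fails[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            first_fail = fails[0]
            success_after = any(eid == 4624 and t >= first_fail for t, eid, _ in evs)
            alerts[src] = {
                "failures_in_window": best,
                "success_after": success_after,
                "targeted_users": sorted({u for _, eid, u in evs if eid == 4625}),
            }
    return alerts


if __name__ == "__main__":
    for src, info in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(src, info)
```

In production the same logic would read events from the Security channel (or a SIEM export) rather than the constructed list; a source that trips the rule and then logs on successfully is the case to escalate, since the page's campaign deploys the Trojan by hand once the operators have an interactive session.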
The Rozlok Ransomware conducts file-locking attacks that use AES-256 in SHS mode instead of the more commonly used CBC. It generates a unique unlocking key for every file it encrypts and protects those keys with an RSA-2048 cipher. The original version of its payload is most likely a minor update of the RSA2048Pro Ransomware, although some sources report this Trojan as a variant of the Vortex Ransomware. Victims can search for the '.aes' extension to identify which content the Trojan has locked.
One significant, recurring discrepancy in its payload is that the Rozlok Ransomware's attack sometimes fails to encrypt Outlook files. Malware experts confirm that restoring the original extension is the only action required to recover message files specific to this e-mail client; this does not apply to any other format of media.
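The two preceding paragraphs together describe a triage procedure: enumerate everything carrying the '.aes' extension, then separate the Outlook files that survived with only a renamed extension from data that was genuinely encrypted. The following is an added example, not code from the original page or from any vendor it names. It walks a directory tree, and for each '.aes' file checks whether the underlying Outlook container header is still intact before renaming it back; anything else is judged by byte entropy, since correctly encrypted data is near-random. The Outlook magic bytes (the OLE compound-file signature for .msg, "!BDN" for .pst/.ost), the 7.5-bit entropy cut-off, and the sample directory built by `build_sample` are all assumptions constructed for the demonstration.

```python
import os
import tempfile
from collections import Counter
from math import log2

LOCKED_SUFFIX = ".aes"  # extension the page says the Trojan appends

# Assumption: Outlook formats whose intact header means the file was skipped,
# not encrypted. .msg is an OLE compound file; .pst/.ost begin with "!BDN".
OUTLOOK_MAGIC = {
    ".msg": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    ".pst": b"!BDN",
    ".ost": b"!BDN",
}
ENTROPY_CUTOFF = 7.5  # bits per byte; assumed threshold for "looks encrypted"


def shannon_entropy(data):
    """Bits of entropy per byte of `data` (0.0 for empty input, max 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * log2(c / n) for c in Counter(data).values())


def classify(path):
    """Return (original_path, verdict) for one '.aes'-suffixed file."""
    original = path[:-len(LOCKED_SUFFIX)]
    ext = os.path.splitext(original)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if ext in OUTLOOK_MAGIC and head.startswith(OUTLOOK_MAGIC[ext]):
        return original, "intact-outlook"  # header survived: rename is enough
    if shannon_entropy(head) > ENTROPY_CUTOFF:
        return original, "encrypted"  # near-random bytes: needs the key
    return original, "inspect"  # low entropy but not a known Outlook header


def triage(root, restore=False):
    """Map each '.aes' file (relative to root) to its verdict. With restore=True,
    rename intact Outlook files back, never overwriting an existing file."""
    results = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(LOCKED_SUFFIX):
                continue
            path = os.path.join(dirpath, name)
            original, verdict = classify(path)
            results[os.path.relpath(path, root).replace(os.sep, "/")] = verdict
            if restore and verdict == "intact-outlook" and not os.path.exists(original):
                os.rename(path, original)
    return results


def build_sample(root):
    """Construct a small victim directory for the demonstration (not real data)."""
    os.makedirs(os.path.join(root, "mail"))
    os.makedirs(os.path.join(root, "docs"))
    with open(os.path.join(root, "mail", "report.msg.aes"), "wb") as fh:
        fh.write(OUTLOOK_MAGIC[".msg"] + b"\x00" * 24 + b"Subject: Q4 report\r\n" * 40)
    with open(os.path.join(root, "mail", "archive.pst.aes"), "wb") as fh:
        fh.write(OUTLOOK_MAGIC[".pst"] + b"\x00" * 512)
    with open(os.path.join(root, "docs", "budget.xlsx.aes"), "wb") as fh:
        fh.write(os.urandom(4096))  # stands in for genuinely encrypted content
    with open(os.path.join(root, "docs", "notes.txt"), "w") as fh:
        fh.write("untouched file, no .aes suffix\n")


def run_demo():
    """Build the sample tree, triage it with restore=True and report what was renamed."""
    root = tempfile.mkdtemp(prefix="rozlok_triage_")
    build_sample(root)
    results = triage(root, restore=True)
    restored = sorted(
        os.path.relpath(os.path.join(d, n), root).replace(os.sep, "/")
        for d, _, names in os.walk(root) for n in names
        if n.lower().endswith((".msg", ".pst", ".ost"))
    )
    return results, restored


if __name__ == "__main__":
    verdicts, renamed = run_demo()
    for rel, verdict in sorted(verdicts.items()):
        print(f"{verdict:15} {rel}")
    print("restored:", renamed)
```

The header check matters because the page reports the Outlook skip as intermittent: renaming blindly would leave a genuinely encrypted .pst with a misleading extension, whereas checking the container signature first keeps the rename limited to files the Trojan actually left alone. Run the triage read-only first (the default) and only pass `restore=True` once the listing looks right.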
Paying the Lowest Price for Your Digital Property
Unless significant, unforeseen vulnerabilities in the Rozlok Ransomware's encryption mechanisms come to light, malware researchers judge it unlikely that free decryption will ever be possible. Victims should also ignore the ransom demands (which the Rozlok Ransomware generates as Notepad-format TXT messages) from the Trojan's threat actors, who will not necessarily respond after taking the payment. Although the Rozlok Ransomware does attack local backups, backups that the user saves to a secure, secondary storage device or server provide a reliable file-recovery solution.
Over the past two years, malware researchers have seen more campaigns using various strategies for long-distance extortion and for extracting or damaging the digital media of Russian users. No nation has borders impenetrable to cyber-crime, even when the aggressor is just another file-locker Trojan like the Rozlok Ransomware.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Rozlok Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.