Rsalive Ransomware Description
The Rsalive Ransomware is a file-locking Trojan that can encrypt your media files with an AES algorithm that keeps them from opening. Besides non-working documents, pictures, etc., symptoms can include the addition of Trojan-specific extensions to filenames, deleted backups, and unsafe changes to your security settings. Keep your anti-malware products ready to remove the Rsalive Ransomware, and keep backups so that you can recover your data for free.
Incoming Two Hundred Dollar 'Security Problems'
The Scarab Ransomware, the dual-language family of extortionist Trojans, remains a competitor in the field of file-locking attacks in the current year. Russian cyber-security researchers are confirming another addition to the already heavily weighted English half of this family. For now, malware researchers see no profit in the wallet of the Rsalive Ransomware, which depends on Bitcoins for its illegal livelihood.
It's much newer than ancestors like the Recry1 Ransomware, the Scarabey Ransomware, the Scarab-Recovery Ransomware, or the Scarab-DD Ransomware, but the Rsalive Ransomware's modus operandi is identical. It encrypts media on your computer by using a secure version of AES or Rijndael and tags their names with additional extension info, including 'rsalive' strings. Along the way, it removes the Shadow Volume Copies that could help Windows users with data recovery by issuing a shell command.
The other symptom that victims are likely to notice is its ransom note, which the Trojan bases on a template that malware experts see in most versions of the family. The message describes the attack as being a 'security problem' and asks for two hundred USD, in Bitcoins, for recovering your files. Victims should be wary of paying, which may not help with the recovery at all, although free decryption for the Rsalive Ransomware's family is limited in availability and effectiveness.
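The two host-side behaviors described above (filenames tagged with 'rsalive' and the removal of Shadow Volume Copies) can be checked for in endpoint telemetry. The following is an added example, not code from the original article or from any vendor: the event schema, host names and severity grading are hypothetical, and because the article does not name the exact shell command or extension format, the script assumes the built-in Windows commands `vssadmin delete shadows` and `wmic shadowcopy delete` and treats any extension containing 'rsalive' as a match.

```python
import ntpath
import re
from collections import defaultdict

# Assumption: built-in Windows commands commonly used to remove Shadow Volume Copies.
SHADOW_DELETE = re.compile(
    r"\bvssadmin(\.exe)?\s+delete\s+shadows\b|\bwmic(\.exe)?\s+shadowcopy\s+delete\b",
    re.IGNORECASE,
)

def has_rsalive_tag(path):
    """True when the extension part of a Windows filename contains 'rsalive'."""
    name = ntpath.basename(path)          # ntpath parses Windows paths on any OS
    _, _, suffix = name.partition(".")    # everything after the first dot
    return "rsalive" in suffix.lower()

def triage(events, file_threshold=3):
    """Group events by host and grade each host: none, low, medium or high."""
    hosts = defaultdict(lambda: {"shadow_cmds": [], "tagged_files": 0})
    for ev in events:
        entry = hosts[ev["host"]]
        if ev["type"] == "process" and SHADOW_DELETE.search(ev["cmdline"]):
            entry["shadow_cmds"].append(ev["cmdline"])
        elif ev["type"] == "file" and has_rsalive_tag(ev["path"]):
            entry["tagged_files"] += 1
    for entry in hosts.values():
        deleted = bool(entry["shadow_cmds"])
        mass_tag = entry["tagged_files"] >= file_threshold
        entry["severity"] = ("high" if deleted and mass_tag
                             else "medium" if deleted or mass_tag
                             else "low" if entry["tagged_files"] else "none")
    return dict(hosts)

# Constructed sample events in a hypothetical schema, not taken from a real incident.
SAMPLE_EVENTS = [
    {"type": "process", "host": "ws01", "cmdline": "cmd.exe /c vssadmin Delete Shadows /All /Quiet"},
    {"type": "file", "host": "ws01", "path": r"C:\Users\ann\Documents\budget.xlsx.rsalive"},
    {"type": "file", "host": "ws01", "path": r"C:\Users\ann\Pictures\trip.jpg.rsalive"},
    {"type": "file", "host": "ws01", "path": r"C:\Users\ann\Desktop\notes.txt.rsalive"},
    {"type": "process", "host": "ws02", "cmdline": "vssadmin list shadows"},
    {"type": "file", "host": "ws02", "path": r"C:\Tools\rsalive_report.pdf"},
    {"type": "process", "host": "srv01", "cmdline": "wmic shadowcopy delete"},
]

if __name__ == "__main__":
    for host, result in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, result["severity"], result["tagged_files"], result["shadow_cmds"])
```

A host that shows both signals is graded high; a shadow copy deletion on its own is still graded medium, since legitimate administration rarely needs it.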
Keeping the Rsalive Ransomware's Profits from Coming Alive
Network administrators have additional responsibilities for avoiding file-locking attacks, however. Out-of-date software can be a haven for vulnerabilities, and threat actors will often brute-force credentials or take advantage of open RDP features. Correcting these issues and maintaining rigorous backups will protect your servers' contents from the Rsalive Ransomware's locking attempts.
Decryption is, as per usual, not easily or freely available for most versions of Scarab Ransomware. Anti-malware programs can, at a minimum, compensate by removing the Rsalive Ransomware immediately or by disinfecting a system to halt the attacks.
The Rsalive Ransomware might be alive, but its Bitcoin wallet is at zero. Victims should keep it in that state, assuming they don't want to see more Trojans just like it, in this high-turnover industry.