RSAUtil Ransomware

Posted: May 3, 2017
Threat Metric
Threat Level: 10/10
Infected PCs: 48

RSAUtil Ransomware Description

The RSAUtil Ransomware is a Trojan that can block your files from opening by encrypting them with a cipher. Its attacks also include creating messages that request money to restore the files it locks, although paying this ransom is, at best, an uncertain recovery tactic. For more dependable protection of your data, malware experts suggest backing up your drive routinely and having anti-malware products for quarantining or deleting the RSAUtil Ransomware.

The Trojan from Delphi Prophesying Profits

Delphi isn't the most favored language for designing threatening software but has recently been enjoying a minor heyday, with encryption-oriented threats like the Telecrypt Ransomware, the Amnesia Ransomware, the Extractor Ransomware, and the just-identified RSAUtil Ransomware. While the RSAUtil Ransomware uses some features visibly similar to those of the Crysis Ransomware family, malware experts are dubbing it an unrelated Trojan, hopefully giving victims new options for recovering the files that it damages.

Distribution routes for this Trojan's campaign have not been identified to date, although malware experts did verify that the RSAUtil Ransomware uses DLL-injecting exploits to launch automatically. Some variants of this Trojan may also deliberately use misleading filenames to disguise their components as parts of Windows, such as svchost.exe. Once it's in operation, the RSAUtil Ransomware begins encrypting local media, such as pictures, spreadsheets or documents.
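The svchost.exe disguise described above can be checked for by comparing each running image's name with the folder where Windows actually keeps that binary. This is an added example, not code from the original page; the system folders, the set of protected names and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Assumption: default Windows install root; adjust if %SystemRoot% differs.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Assumption: a short illustrative set of commonly impersonated system binaries.
PROTECTED = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe"}


def edit_distance(a, b):
    """Levenshtein distance, used to catch look-alike names such as 'svch0st.exe'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(image_path):
    """Return 'ok', 'wrong-path' or 'lookalike' for one process image path."""
    # normpath collapses '..' segments so a path cannot merely pass through System32.
    norm = ntpath.normpath(image_path).lower()
    folder, name = ntpath.split(norm)
    if name in PROTECTED:
        return "ok" if folder in SYSTEM_DIRS else "wrong-path"
    # A name one edit away from a protected name is suspicious wherever it runs.
    if any(edit_distance(name, p) == 1 for p in PROTECTED):
        return "lookalike"
    return "ok"


def suspicious(paths):
    """Map each flagged image path to the reason it was flagged."""
    return {p: r for p in paths if (r := classify(p)) != "ok"}


# Constructed sample process list (not taken from a real infection).
SAMPLE = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\Public\svchost.exe",
    r"C:\Windows\System32\..\Temp\svchost.exe",
    r"C:\ProgramData\svch0st.exe",
    r"C:\Program Files\Example\updater.exe",
]

if __name__ == "__main__":
    for path, reason in suspicious(SAMPLE).items():
        print(f"{reason:10} {path}")
```

Feed it the image paths from a process listing or an EDR export; a flagged entry is a lead for investigation, not proof of this Trojan.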

Malware experts aren't seeing the RSAUtil Ransomware break any new ground with its nonetheless effective encryption routine, which uses a derivative of an AES cipher. While it uses this encryption to block your media, the RSAUtil Ransomware also renames files to include the remote attacker's e-mail address (for ransom communications) and the system's ID number, in a format that greatly resembles that of the Crysis Ransomware collective.

The RSAUtil Ransomware's authors are asking victims to pay an unspecified amount in Bitcoins, with the cryptocurrency platform guaranteeing anonymity for the extortionist but no protection for the one paying to recover their files.

Debunking the Prophecy of Extortion for Decryption Keys

The RSAUtil Ransomware's text-based ransom notes don't support languages other than English, although its author appears unfamiliar with the language and makes numerous grammatical errors. English may be in use solely to guarantee that the RSAUtil Ransomware is compatible with as many countries as possible. The distribution exploits that extortionists prefer for threats of this category encompass Web browser-based ones, such as exploit kits and e-mail attachments, as well as brute-force attacks against business systems and bundles (the latter for attacking recreational-use systems at random).

Although its last symptoms are unmistakable, this Trojan deals potentially permanent damage to your files before showing any of its other side effects. Paying ransoms for decryption keys is always risky, and malware experts strongly advise against it, recommending recovery from your last backup instead. After removing the RSAUtil Ransomware, you may also consider contacting entities in the anti-malware industry to inquire about the potential for free decryption, which is attainable with some Trojan families.

The real cost of giving in to the RSAUtil Ransomware's extortion may be either a few dollars or hundreds of them, but whatever it turns out to be, readers should remember that backing up their files always can be free.
