Ruby Ransomware

Posted: May 10, 2017
Threat Metric
Threat Level: 10/10
Infected PCs: 46

Ruby Ransomware Description

The Ruby Ransomware is a file-encryption Trojan that blocks other programs from opening your files by encrypting them (the analysis below reports an AES-based routine). Since decryption research is ongoing, victims should restore their locked content from a backup whenever possible. Updated anti-malware programs also may delete the Ruby Ransomware during its installation routine, at which point its file usually carries a name chosen to imitate some form of 'safe' software.

The Shine of Ruby Dust Coating Your Files

Courtesy of a new threat actor known only as Hayzam Sherif, PC users have another reason to keep scheduled backups: the Ruby Ransomware. While the Trojan uses a very standard, encryption-based attack for locking your files, it also has a minimalist pop-up that helps the victim find the customized information needed to pay its ransom. As usual with similar threats malware experts analyze, the Ruby Ransomware demands payment in a cryptocurrency, which cannot be charged back once sent.

The Ruby Ransomware uses AES-based encryption. Malware experts have yet to verify whether the routine is vulnerable to third-party decryption; AES itself is not the weak point, so feasibility depends on how the Trojan generates, stores or transmits its keys, which had not been confirmed at the time of writing. The files locked by this attack, such as documents, also acquire the '.ruby' extension, which the Ruby Ransomware appends after the original extension (for example, 'text.txt' becomes 'text.txt.ruby'). However, being unable to open these files is only one of two symptoms of the Ruby Ransomware's final payload.
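The renaming scheme above gives incident responders a cheap way to inventory the damage before any decryption attempt. The following triage script is an added example, not code from the page or from the Trojan: it walks a directory, flags every file carrying the appended '.ruby' extension, recovers the original filename by stripping that suffix, and measures the Shannon entropy of each file's leading bytes so that genuinely encrypted content (near 8 bits per byte) can be told apart from a file that merely has the suffix. The 7.0-bit threshold, the 4096-byte sample size and the constructed sample files are assumptions for the demonstration; only the '.ruby' suffix and the 'text.txt.ruby' pattern come from the analysis.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path
from typing import Dict, List, Optional

# Extension the Trojan appends after the original one ('text.txt' -> 'text.txt.ruby').
RANSOM_EXT = ".ruby"


def original_name(filename: str) -> Optional[str]:
    """Return the pre-attack filename if `filename` ends in '.ruby', else None."""
    if not filename.lower().endswith(RANSOM_EXT):
        return None
    stem = filename[: -len(RANSOM_EXT)]
    return stem or None  # a bare '.ruby' has nothing to recover


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for ciphertext or random data, typically 4-6 for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(root: str, sample_bytes: int = 4096, threshold: float = 7.0) -> List[Dict]:
    """Walk `root` and report every '.ruby'-suffixed file.

    Each hit records the recovered original name and whether the file's leading
    bytes look encrypted (entropy at or above `threshold`, an assumed cutoff).
    """
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            orig = original_name(name)
            if orig is None:
                continue
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                head = fh.read(sample_bytes)
            ent = shannon_entropy(head)
            hits.append({
                "path": full,
                "original": orig,
                "entropy": round(ent, 2),
                "looks_encrypted": ent >= threshold,
            })
    return hits


def build_sample_tree() -> str:
    """Create a constructed sample directory; not real Ruby Ransomware output."""
    root = tempfile.mkdtemp(prefix="ruby_triage_")
    # Random bytes stand in for AES ciphertext of a renamed document.
    (Path(root) / "report.docx.ruby").write_bytes(os.urandom(4096))
    # An untouched file: no suffix, so triage ignores it.
    (Path(root) / "notes.txt").write_text("untouched plaintext\n" * 50)
    # Has the suffix but low-entropy content: reported, but not flagged as encrypted.
    (Path(root) / "README.ruby").write_bytes(b"A" * 2048)
    return root


if __name__ == "__main__":
    for hit in triage(build_sample_tree()):
        print(hit)
```

Run it as a script to see the three-way split: the renamed document is reported and flagged, the low-entropy '.ruby' file is reported but not flagged, and the untouched file is ignored. In a real incident, restore each reported file from backup under its recovered original name rather than renaming the encrypted copy, which would not make it readable.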

The Trojan's remaining symptoms include generating a detailed HTML page with its ransom demands, along with a pop-up whose buttons display your ID number or redirect you to that Web page. Unusual English phrasing suggests that Hayzam Sherif isn't a native speaker, and malware experts can confirm some Spanish-language details in some of the Trojan's components. An overwhelming majority of similar campaigns request payment through non-refundable methods, such as Bitcoins, before possibly returning the victim's files.

Cracking a Gem of a Trojan

By keeping things simple and avoiding extraneous details, the Ruby Ransomware presents an easy-to-understand ransoming system that might convince victims to pay for file restoration. However, paying a ransom carries no guarantee of decryption, and Hayzam Sherif is unlikely to accept any payment method that would be subject to refunds. Until malware experts can analyze the Ruby Ransomware further and determine its susceptibility to decryption, backups are your files' best chance of not being locked permanently.

The Ruby Ransomware's campaign hasn't seen significant distribution in the wild, and its infection vectors still are in flux. Most threat actors distribute file-encrypting Trojans like this one through exploit kits (EKs) such as the RIG Exploit Kit or through e-mail attachments. Hardening your Web-browsing settings and keeping the browser and its plug-ins patched closes the vulnerabilities that exploit kits target, and letting anti-malware tools scan all new files, attachments included, could block or delete the Ruby Ransomware before an infection occurs.

To extortionists, Trojans like the Ruby Ransomware represent the shine of illicit profits made from taking what's not theirs either temporarily or in perpetuity. As campaigns like this one so clearly demonstrate, taking the same steps to protect your digital possessions that you would take for your 'real world' ones never is a waste of time or money.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Ruby Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.


Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
