RumbleCrypt Ransomware

Posted: August 9, 2016
Threat Metric
Threat Level: 8/10
Infected PCs: 131

RumbleCrypt Ransomware Description

The RumbleCrypt Ransomware, or 'Rumble Crypt', is a Trojan that encrypts your files and generates ransom messages asking you to pay in exchange for downloading its decryption tool. Even a simple encryption algorithm can damage your files irrevocably, which is why malware analysts recommend having safe backups available at all times. PC owners should refrain from rewarding the RumbleCrypt Ransomware's con artists with payments, if at all possible, and use anti-malware programs for uninstalling the RumbleCrypt Ransomware.

A New Taste of a Bad Onion Site

Web-based anonymity services may have theoretically ideal and benign goals for protecting your privacy, but, in daily usage, they can end up as tools of the threat industry. In particular, the Tor browser and associated websites (which you can identify by suffixes such as '.onion') continue to be factors in how con artists receive ransom payments for misappropriated digital goods. The RumbleCrypt Ransomware is the latest example of this payment-processing methodology in action; its payment infrastructure was identified in the first week of August.

As a result of limited sample sizes, malware experts are unable to associate the RumbleCrypt Ransomware with preexisting threat families. Symptoms most likely incorporated in the RumbleCrypt Ransomware's payload include:

  • The RumbleCrypt Ransomware may encrypt your data (such as the contents of your Windows account folder, your desktop, or your default downloads location) with an algorithm that modifies each file's internal structure. Encryption always renders the file unusable until you revert the process via decryption. Most Trojans like the RumbleCrypt Ransomware mark the content by appending an individual extension, such as the '.locked' or '.CRYPT' tags.
  • The RumbleCrypt Ransomware may load ransom messages through your desktop, automatic pop-ups, or additional text files placed in the same locations as your encrypted information. These instructions redirect readers to the RumbleCrypt Ransomware's payment portal, a Tor (AKA 'The Onion Router') domain.
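
The two symptoms above can be checked together during triage: files carrying an appended marker extension, and text notes in the same folder that link to a '.onion' address. The following Python is an added example, not code from the original page; the extension set, the note file types, and the sample file names and onion address are constructed assumptions.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumption: the marker extensions the page cites as typical examples;
# they are not confirmed as RumbleCrypt's own.
SUSPECT_EXTS = {".locked", ".crypt"}
NOTE_EXTS = {".txt", ".htm", ".html"}
# Onion hostnames are 16 (v2) or 56 (v3) base32 characters.
ONION_RE = re.compile(r"\b(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion\b", re.I)

def triage(root):
    """Map each affected directory to its marked files and onion-linking notes."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        marked, notes = [], []
        for name in files:
            path = Path(dirpath, name)
            suffixes = [s.lower() for s in path.suffixes]
            # An appended marker leaves the original extension in place.
            if len(suffixes) >= 2 and suffixes[-1] in SUSPECT_EXTS:
                marked.append(name)
            elif suffixes and suffixes[-1] in NOTE_EXTS:
                try:
                    with open(path, "rb") as fh:  # read only the first 64 KiB
                        text = fh.read(65536).decode("utf-8", "ignore")
                except OSError:
                    continue  # unreadable file: skip rather than abort the sweep
                if ONION_RE.search(text):
                    notes.append(name)
        if marked or notes:
            findings[dirpath] = {"marked": sorted(marked), "notes": sorted(notes)}
    return findings

def build_sample_tree(root):
    """Constructed sample data: one affected folder, one clean folder."""
    docs, clean = Path(root, "docs"), Path(root, "clean")
    docs.mkdir()
    clean.mkdir()
    (docs / "report.docx.locked").write_bytes(b"\x00" * 32)
    (docs / "photo.jpg.CRYPT").write_bytes(b"\x00" * 32)
    (docs / "HOW_TO_DECRYPT.txt").write_text("Visit http://exampleexample22.onion/")
    (clean / "notes.txt").write_text("Meeting moved to 10:00.")
    (clean / "backup.tar.gz").write_bytes(b"\x1f\x8b")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, hit in triage(tmp).items():
            print(folder, hit)
```

Once a sample confirms the actual marker extension and note file name, replace the assumed values in `SUSPECT_EXTS` and `NOTE_EXTS` so the sweep matches the real infection.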

The RumbleCrypt Ransomware's current domain uses phrasings that malware experts have seen in separate campaigns, making it likely that its 'military-grade encryption' is less unbreakable than the RumbleCrypt Ransomware claims. Like many file encryption tactics, the RumbleCrypt Ransomware's domain requests payment within a short period before its con artists discard the key that normally is mandatory for decryption.

Quieting the Rumble of Young Trojans Using Old Attacks

The RumbleCrypt Ransomware's campaign is mildly noteworthy for its use of polite, rather than overtly antagonistic, language, as well as for claiming extra benefits with payments (such as the RumbleCrypt Ransomware self-uninstalling). The high probability of duplicity in these assertions causes malware experts still to recommend avoiding ransom payments to threat authors in all scenarios. Data recovery from a RumbleCrypt Ransomware attack is most directly achievable by keeping backups out of the Trojan's capacity to encrypt, such as copies on USB drives.

Once you detect a RumbleCrypt Ransomware infection, reboot your computer through any methods required for circumventing additional interference, such as switching to your operating system's built-in Safe Mode environment. Use your anti-malware products for removing the RumbleCrypt Ransomware, as well as threats that may have installed it. Most file encryption Trojans lack any self-installing features and depend on secondary threats for compromising new systems.

Despite its unusual politeness, the RumbleCrypt Ransomware is just as much a danger to your data as more overtly hostile threats like the Anatel Ransomware. Remember that paying a con artist to regain your belongings is a recovery strategy that's more likely to backfire than keeping a good backup.
