Posted: March 6, 2018 Ransomware Description

The Ransomware is a member of the RotorCrypt Ransomware family of file-locking Trojans. The Ransomware may block your files by encrypting them with an RSA-based cipher, change their names or add extensions, as well as drop different ransom notes. Malware experts recommend saving backups of your work since this family may not be decryptable for free, and having anti-malware programs block or delete the Ransomware for your PC's safety.

A Trojan Star is Born

Threat actors are disseminating a new version of the RotorCrypt Ransomware, a Trojan with a history of rotating through numerous contacts while keeping a consistent, unbreakable encryption methodology for attacking the files of the PCs that it infects. The new release, most likely under the management of new threat actors, uses an unusual filename-editing format, but for victims, its ability to damage and lock files irreversibly is still its more important function.

Various con artists have used different versions of the Ransomware for attacking business entities in Russia, with probable infection strategies including both targeted attacks against network logins and forged e-mail messages that carry corrupted attachments. Although the RotorCrypt Ransomware family is old, the Ransomware has only been identifiable since March of 2018. Readers should note that, unlike many file-locking threats, the Ransomware and its relatives may not always generate text messages or pop-ups asking for money after blocking your files.

The Ransomware's more unusual feature is how its threat actor appends extensions, which lets the victim identify the 'hostage' media, as well as follow the contact information for the ransom negotiations. Although the Ransomware does include an e-mail, it also adds two other blocks of information that it separates with dashes. The first string only says 'Revert Access,' while the second refers to a business management company. Readers should note that malware experts are seeing no indications that the latter is symptomatic of the organization in question having any ties to the Ransomware. Its administrators may be modifying these last details to correspond to particular targets.
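A triage sketch for the naming pattern described above, added here as an example and not taken from the original page or from any vendor tool: it flags file names that carry both an e-mail address and the 'Revert Access' phrase in dash-separated blocks, and tallies the contact addresses. The dash-run delimiter, the block order, and all sample names and addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumption: marker blocks are delimited by runs of dashes. The page gives
# the phrase 'Revert Access' but not the exact layout or block order.
EMAIL = re.compile(r"[A-Za-z0-9._%+]+@[A-Za-z0-9]+(?:\.[A-Za-z0-9]+)+")
PHRASE = "revert access"

def parse_marker(filename):
    """Return the marker fields if the name carries the suffix, else None."""
    blocks = [b.strip() for b in re.split(r"-+", filename) if b.strip()]
    email_idx = [i for i, b in enumerate(blocks) if EMAIL.fullmatch(b)]
    phrase_idx = [i for i, b in enumerate(blocks) if b.casefold() == PHRASE]
    if not email_idx or not phrase_idx:
        # An e-mail or the phrase alone also occurs in benign names,
        # so both must be present before a file is flagged.
        return None
    e, p = email_idx[0], phrase_idx[0]
    start = min(e, p)  # first recognised marker block
    return {
        # Best-effort original name: everything before the marker.
        "original": "-".join(blocks[:start]),
        "email": blocks[e],
        # Remaining blocks, e.g. the organisation reference.
        "extra": [b for i, b in enumerate(blocks[start:], start)
                  if i not in (e, p)],
    }

def triage(names):
    """Map flagged names to their fields and count contact addresses."""
    hits = {n: m for n in names if (m := parse_marker(n))}
    return hits, Counter(m["email"] for m in hits.values())

# Constructed sample listing (not real indicators).
SAMPLE = [
    "Q1-budget.xlsx-Revert Access-helpdesk@example.com-Example Management Co",
    "invoice.pdf--REVERT ACCESS--helpdesk@example.com--Example Management Co",
    "notes-from-alice@example.org.txt",   # benign: e-mail, no phrase
    "revert access - howto.docx",         # benign: phrase, no e-mail
    "photo.jpg",
]

if __name__ == "__main__":
    hits, contacts = triage(SAMPLE)
    for name, fields in hits.items():
        print(fields["original"], "->", fields["email"], fields["extra"])
    print(contacts.most_common())
```

Addresses that themselves contain dashes are split by this delimiter assumption and will be missed; adjust the splitting rule once real samples from an incident are available.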

Pulling Your Files out of the Latest Trojan Machinery

As a new version of the RotorCrypt Ransomware, the Ransomware is unlikely to have a compatible decryptor available to the public without charge. Other members of the RotorCrypt family, such as the '' Ransomware, are equally impervious to casual decryption efforts unless bugs are present in particular variants. For most file-locking threats, malware experts advise that PC users keep secure, updated, and network-segregated backups of their files to provide a non-ransom-based recovery method.

The Ransomware's family is also notable for targeting business entities and for its association with the Ransomware-as-a-Service distribution model, which opens the Trojan up for installation by different threat actors. Malware experts especially advise scanning all e-mail attachments with appropriate security software, due to the high frequency of abuse associated with file-locking Trojans and other threats. Most anti-malware programs should catch and remove the Ransomware immediately and prevent the encryption-based data loss.

The Ransomware is a small case of a Trojan doing things differently, in ways implying that its threat actors have a particular familiarity with or interest in some companies more than others. Being a business entity, particularly in regions already at risk from Trojan campaigns, often paints a target on your data that users should compensate for with increased protection.
