‘All_Your_Documents.rar’ Ransomware

‘All_Your_Documents.rar’ Ransomware Description

The 'All_Your_Documents.rar' Ransomware receives its name because it creates a RAR archive where the victim's files are stored until the ransom payment is carried out. PC security analysts first received news of the 'All_Your_Documents.rar' Ransomware attack on February 11, 2017. The 'All_Your_Documents.rar' Ransomware is similar to other ransomware Trojans released recently that also put the victim's files in a password-protected archive. During the 'All_Your_Documents.rar' Ransomware attack, the victim's files will become compromised, causing the victim to pay a large ransom to recover access to the affected files. In most cases, the 'All_Your_Documents.rar' Ransomware is delivered in spam email campaigns, which use file attachments that abuse vulnerabilities on the victim's computers with corrupted macro scripts. When the corrupted file attachment is downloaded, the 'All_Your_Documents.rar' Ransomware will be downloaded from a remote server and installed on the victim's computer.

The Vicious Attack Executed by the 'All_Your_Documents.rar' Ransomware

The 'All_Your_Documents.rar' Ransomware is virtually identical to a previous ransomware Trojan known as RarVault Ransomware. During the attack, the 'All_Your_Documents.rar' Ransomware will put all of the targeted files in a RAR file that is protected with a password. This file, named 'All_Your_Documents.rar' will be placed in the drive that has the most space available on the victim's computer. Since the 'All_Your_Documents.rar' Ransomware targets almost one hundred different file types during its attack, the resulting RAR file will be several GB in size. Unfortunately, the file created during the 'All_Your_Documents.rar' Ransomware cannot be opened without the password, meaning that computer users will be left with no way of recovering their files if they do not have backup copies on an external memory device or the cloud. In its current version, the most common 'All_Your_Documents.rar' Ransomware variants demand the payment of 0.35 BitCoin ($350 USD approximately) to the con artists' BitCoin Wallet. The 'All_Your_Documents.rar' Ransomware delivers its ransom note in a text file named 'All_Your_Documents.txt,' which is dropped on the infected computer's Desktop. The following is the full text of the 'All_Your_Documents.rar' Ransomware ransom note:

'ATTENTION! AUFMERKSAMKEIT! ATTENTION! ATENCION! ATTENZIONE!
TO GET BACK YOUR FILES READ CAREFULLY!
UM IHRE DATEIEN ZURUCK, BITTE SORGFALTIG LESEN!
POUR RECUPERER VOS FICHIERS, S'IL VOUS PLAIT LIRE ATTENTIVEMENT!
PARA OBTENER LOS ARCHIVOS DE NUEVO, POR FAVOR, LEA CON CUIDADO!!
PER OTTENERE IL VOSTRO FILES INDIETRO, SI PREGA DI LEGGERE ATTENTAMENTE!!

Where did all your files?
Your documents on all drives (photos, videos, docs, etc.)
have been moved to password - protected WinRAR archives.
This archive is located in the root of each disk, in folder
"All_Your_Documents" and file name is "All_Your_Documents.rar".
Full path on all drives:
Drive:\\All_Your_Documents\All_Your_Documents.rar'

Dealing with the 'All_Your_Documents.rar' Ransomware Infection

Victims of the 'All_Your_Documents.rar' Ransomware attack are asked to install the TOR browser to connect to the payment website. Unfortunately, the use of TOR makes it very difficult for PC security researchers to track down the identity of the people responsible for the attack. PC security researchers strongly advise computer users to avoid following the 'All_Your_Documents.rar' Ransomware's instructions, however. It is very unlikely that the con artists will keep their word and deliver the password needed to access the RAR file created by the 'All_Your_Documents.rar' Ransomware. The people responsible for the attack are just as likely to ignore the victim or ask for additional payments. To deal with the 'All_Your_Documents.rar' Ransomware, PC security researchers strongly advise computer users to recover by deleting the 'All_Your_Documents.rar' Ransomware with a security program. Then, backup copies of the files can be used to replace the RAR created by the 'All_Your_Documents.rar' Ransomware.

The best protection against the 'All_Your_Documents.rar' Ransomware and other ransomware Trojans is to have backup copies of all files, either on an external memory device or the cloud. If computer users can restore their files from a backup, then any leverage the extortionists have during their attack is lost. Essentially, having file backups makes computer users invulnerable to the 'All_Your_Documents.rar' Ransomware and other ransomware Trojans completely.

Infected with ‘All_Your_Documents.rar’ Ransomware? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect ‘All_Your_Documents.rar’ Ransomware
* SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Site Disclaimer

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 15 + 9 ?