RackCrypt Ransomware
Threat Scorecard
Threat Level: 80% (High)
Infected Computers: 9
First Seen: January 25, 2016
Last Seen: July 10, 2022
OS(es) Affected: Windows
Malware analysts have detected RackCrypt Ransomware attacks in the wild. The RackCrypt Ransomware is used to take money from computer users by assuming control of their computers and demanding the payment of a ransom. As part of its attack, the RackCrypt Ransomware encrypts the victim's files using AES encryption. Then, the RackCrypt Ransomware displays messages with instructions for payment. The RackCrypt Ransomware is part of a wave of ransomware attacks that has increased substantially in the last couple of years. Encryption ransomware threats such as the RackCrypt Ransomware are increasing in popularity because they are particularly effective: computer users will not be able to recover the files without access to the decryption key. This means that, even if the computer user removes the RackCrypt Ransomware infection using a reliable security application, the affected files will remain encrypted.
The Harm Caused by the RackCrypt Ransomware and Other Encryption Ransomware Trojans
The RackCrypt Ransomware is designed to attack computers using the Windows operating system. The RackCrypt Ransomware can affect all versions of Windows that are currently in use. Once the RackCrypt Ransomware enters a computer, it will carry out its attack by scanning the victim's computer, looking for files with a specific format, and then using AES encryption to encrypt the files. The RackCrypt Ransomware will then display pop-up messages and other notifications alerting the victim about the attack and demanding the payment of a ransom using Bitcoin or another anonymous method. The RackCrypt Ransomware will also drop text or HTML files in directories that have the encrypted files. The RackCrypt Ransomware may be part of a RaaS (Ransomware as a Service) series of attacks. In these attacks, con artists will offer their ransomware to clients who can adapt the ransomware for their specific needs, making slight changes to the interface, ransom note, and amount of money demanded from the victims. The people providing the RaaS profit by getting a cut of the money paid by the victims of the attacks.
How the RackCrypt Ransomware and Other Encryption Trojans may be Used to Make Money
The RackCrypt Ransomware tactic is simple, but it is difficult to recover from the attack once the files are encrypted. The following are the steps that may be taken by the RackCrypt Ransomware and other ransomware Trojans with similar approaches:
- The RackCrypt Ransomware may be delivered using corrupted email attachments. The RackCrypt Ransomware may also be delivered through peer-to-peer file sharing networks and attack websites. When the RackCrypt Ransomware is delivered to a computer, it will deliver its threatening payload as soon as the RackCrypt Ransomware is opened or its download finishes.
- The RackCrypt Ransomware will then scan the infected computer's drives. The RackCrypt Ransomware contains a list of file extensions among its configuration files. These are typically extensions for common documents, media files, images, and other files that are generated by the computer users rather than by the operating system. Essentially, the RackCrypt Ransomware seeks to encrypt all files while still allowing Windows to remain functional.
- As part of its infection process, the RackCrypt Ransomware will delete Shadow Volume copies and System Restore points, to make it more difficult for computer users to use these kinds of alternate methods to recover their files.
- The RackCrypt Ransomware then demands the payment of a ransom from the victim. The RackCrypt Ransomware does this by displaying pop-up messages which, in the case of this specific ransomware Trojan, tend to take the form of Windows error messages.
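A triage heuristic for the on-disk pattern described in the steps above, as an added example that is not from the original page or from any RackCrypt sample: it flags a text or HTML file name that repeats across directories which also hold high-entropy (ciphertext-like) files. The thresholds and function names are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter, defaultdict

NOTE_EXTS = {".txt", ".html", ".htm"}  # note file types named on the page
ENTROPY_THRESHOLD = 7.5                # assumed cut-off, in bits per byte
MIN_DIRS = 3                           # assumed: same note name in >= 3 directories

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; AES output sits close to 8.0, plain documents well below."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def looks_encrypted(path: str, sample: int = 65536) -> bool:
    """Sample the start of a file. Compressed formats (zip, jpg, mp4) also
    score high, which is why the note fan-out check below is required too."""
    try:
        with open(path, "rb") as fh:
            return shannon_entropy(fh.read(sample)) >= ENTROPY_THRESHOLD
    except OSError:
        return False  # unreadable files are skipped, not flagged

def find_note_fanout(root: str) -> dict:
    """Map each repeated note file name to the directories in which it sits
    next to at least one high-entropy file."""
    dirs_by_note = defaultdict(list)
    for dirpath, _subdirs, files in os.walk(root):
        notes = [f for f in files if os.path.splitext(f)[1].lower() in NOTE_EXTS]
        if not notes:
            continue
        others = [f for f in files if f not in notes]
        if any(looks_encrypted(os.path.join(dirpath, f)) for f in others):
            for name in notes:
                dirs_by_note[name.lower()].append(dirpath)
    return {n: sorted(d) for n, d in dirs_by_note.items() if len(d) >= MIN_DIRS}
```

A hit is a lead for an analyst rather than a verdict: a legitimate readme repeated beside archives or media files produces the same pattern.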
Computer users should avoid paying the RackCrypt Ransomware ransom. By paying this amount, computer users allow the people responsible for the RackCrypt Ransomware to continue monetizing their attacks, creating and improving additional ransomware threats, and carrying out attacks on more victims. There is also no guarantee that computer users will receive the decryption key after they have paid the ransom.