Rokku Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 18,487 |
| Threat Level: | 100 % (High) |
| Infected Computers: | 20 |
| First Seen: | March 22, 2016 |
| Last Seen: | November 20, 2025 |
| OS(es) Affected: | Windows |
The Rokku Ransomware is a ransomware Trojan that encrypts the victims' files and then changes their extension to .the Rokku. The Rokku Ransomware is a variant of TeslaCrypt, a ransomware Trojan that has been highly active since the release of its 3.0 version in late 2015. Computer users should take measures to protect their machines from threats and backup all important files. Files encrypted by the Rokku Ransomware cannot be recovered without access to the decryption key, which is held by the con artists until the ransom is paid. Maintaining a suitable backup of all files allows computer users to recover from a Rokku Ransomware attack by restoring their files from the backup after wiping the affected hard drive or removing the Rokku Ransomware itself.
Table of Contents
How the Rokku Ransomware Carries out Its Attack
The Rokku Ransomware attack is relatively simple and similar to most popular encryption threats active today. The Rokku Ransomware may be delivered in the form of a corrupted email attachment. When computer users open these email attachments, the Rokku Ransomware will run in the background, gather information about the victim's computer, and be encrypting the victim's files. The Rokku Ransomware essentially searches for files that match extensions contained in its configuration settings. By only encrypting files with these kinds of extensions, the Rokku Ransomware makes the victim's data inaccessible, but the affected computer remains functional enough to display the Rokku Ransomware's ransom note. The following are some of the types of files that the Rokku Ransomware and similar encryption ransomware threats search for and target for encryption:
.7z; .rar; .m4a; .wma; .avi; .wmv; .csv; .d3dbsp; .sc2save; .sie; .sum; .ibank; .t13; .t12; .qdf; .gdb; .tax; .pkpass; .bc6; .bc7; .bkp; .qic; .bkf; .sidn; .sidd; .mddata; .itl; .itdb; .icxs; .hvpl; .hplg; .hkdb; .mdbackup; .syncdb; .gho; .cas; .svg; .map; .wmo; .itm; .sb; .fos; .mcgame; .vdf; .ztmp; .sis; .sid; .ncf; .menu; .layout; .dmp; .blob; .esm; .001; .vtf; .dazip; .fpk; .mlx; .kf; .iwd; .vpk; .tor; .psk; .rim; .w3x; .fsh; .ntl; .arch00; .lvl; .snx; .cfr; .ff; .vpp_pc; .lrf; .m2; .mcmeta; .vfs0; .mpqge; .kdb; .db0; .DayZProfile; .rofl; .hkx; .bar; .upk; .das; .iwi; .litemod; .asset; .forge; .ltx; .bsa; .apk; .re4; .sav; .lbf; .slm; .bik; .epk; .rgss3a; .pak; .big; .unity3d; .wotreplay; .xxx; .desc; .py; .m3u; .flv; .js; .css; .rb; .png; .jpeg; .txt; .p7c; .p7b; .p12; .pfx; .pem; .crt; .cer; .der; .x3f; .srw; .pef; .ptx; .r3d; .rw2; .rwl; .raw; .raf; .orf; .nrw; .mrwref; .mef; .erf; .kdc; .dcr; .cr2; .crw; .bay; .sr2; .srf; .arw; .3fr; .dng; .jpeg; .jpg; .cdr; .indd; .ai; .eps; .pdf; .pdd; .psd; .dbfv; .mdf; .wb2; .rtf; .wpd; .dxg; .xf; .dwg; .pst; .accdb; .mdb; .pptm; .pptx; .ppt; .xlk; .xlsb; .xlsm; .xlsx; .xls; .wps; .docm; .docx; .doc; .odb; .odc; .odm; .odp; .ods; .odt.
The Rokku Ransomware searches for files with the extensions listed above – new extensions may be added to the Rokku Ransomware's configuration settings in new updates – and then uses an AES encryption algorithm to encrypt them, essentially making them inaccessible to the computer user. The Rokku Ransomware then displays ransom notes that alert the victim's of the attack and demand the payment of several hundred dollars through BitCoins or similar anonymous channels. The following is a ransom note associated with encryption ransomware similar to the Rokku Ransomware:
Your documents, photos, databases and other important files have been encrypted with strongest encryption and unique key, generated for this computer. Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key. The server will eliminate the key after a time period specified in this window.
Open http://bs7aygotd2rnjl4o.onion.link or
http://bs7aygotd2rnjl4o.torstorm.org or
http://bs7aygotd2rnjl4o.tor2web.org
in your browser. They are public gates to the secret server.
If you have problems with gates, use direct connection:
1) Download TOR Browser from http://torproject.org
1) In the Tor Browser open the http://bs7aygotd2rnjl4o.onion
PC security researchers strongly advise computer users to avoid paying the Rokku Ransomware's ransom amount. Paying the ransom allows con artists to continue financing attacks like the Rokku Ransomware and besides giving them the incentive to continue creating these kinds of threats. Once computer users acquire a culture of backing up their files regularly, the effectiveness of these kinds of attacks will be reduced greatly reduced.
SpyHunter Detects & Remove Rokku Ransomware
File System Details
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | Rokku.exe | 97512f4617019c907cd0f88193039e7c | 10 |
