
Trojan-Downloader.Win32.Rakhni

By GoldSparrow in Trojans

Trojan-Downloader.Win32.Rakhni is a threat that is related to an encryption ransomware Trojan known as the Rakhni Ransomware. Trojan-Downloader.Win32.Rakhni was studied closely in July 2018. Trojan-Downloader.Win32.Rakhni was capable of dropping two different threats on the victim's computer, depending on the contents of the targeted computer. Most Trojan-Downloader.Win32.Rakhni attacks seem to be limited to Russia or Russian speaking regions, although there is nothing preventing Trojan-Downloader.Win32.Rakhni from spreading beyond these limits.

What is the Main Objective of Trojan-Downloader.Win32.Rakhni?

Trojan-Downloader.Win32.Rakhni is delivered to victims through spam email attachments, often DOCX files carrying malicious embedded macros. The email messages use a variety of social engineering lures to trick the victim into opening the attachment. Trojan-Downloader.Win32.Rakhni carries a forged digital signature so that the download looks legitimate and the infected computer accepts it, allowing Trojan-Downloader.Win32.Rakhni to install its harmful payload. Apart from delivering a ransomware Trojan or a cryptocurrency miner, Trojan-Downloader.Win32.Rakhni also checks whether it is running in a virtual machine or on an analysis system used by security researchers to study malware.
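A mail gateway or analyst can apply the check the paragraph implies before an attachment like the one described ever reaches a user: open the Office Open XML package as a ZIP and look for a VBA project part or a macro-enabled content type, and treat a `.docx` extension that hides either as a mismatch. The following is an added example written for this article, not code from the original page or from the malware's authors; the minimal packages it inspects are constructed inline and are not samples from the campaign.

```python
"""Inspect an Office Open XML attachment for embedded VBA macro indicators."""
import io
import zipfile

# A VBA project is stored as this part inside the package (case may vary).
MACRO_PART_SUFFIX = "vbaproject.bin"
# Macro-enabled documents declare e.g. application/vnd.ms-word.document.macroEnabled.main+xml
MACRO_CONTENT_TYPE_MARKER = "macroenabled"


def inspect_ooxml(data: bytes) -> dict:
    """Return the macro-related indicators carried by a .docx/.docm payload."""
    result = {"is_zip": False, "has_vba_project": False,
              "macro_enabled_type": False, "parts": []}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result
    result["is_zip"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        result["parts"] = names
        result["has_vba_project"] = any(
            n.lower().endswith(MACRO_PART_SUFFIX) for n in names)
        if "[Content_Types].xml" in names:
            types_xml = zf.read("[Content_Types].xml").decode("utf-8", errors="replace")
            result["macro_enabled_type"] = MACRO_CONTENT_TYPE_MARKER in types_xml.lower()
    return result


def classify(filename: str, data: bytes) -> list:
    """Return the reasons an attachment should be held for review (empty list = clean)."""
    info = inspect_ooxml(data)
    reasons = []
    if info["has_vba_project"]:
        reasons.append("vba_project_present")
    if info["macro_enabled_type"]:
        reasons.append("macro_enabled_content_type")
    # A plain .docx should never carry macro parts; if it does, the extension lies.
    if filename.lower().endswith(".docx") and (
            info["has_vba_project"] or info["macro_enabled_type"]):
        reasons.append("extension_mismatch")
    return reasons


def build_sample_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML package for testing (not a real campaign document)."""
    if with_macro:
        main_type = "application/vnd.ms-word.document.macroEnabled.main+xml"
    else:
        main_type = ("application/vnd.openxmlformats-officedocument"
                     ".wordprocessingml.document.main+xml")
    content_types = (
        '<?xml version="1.0"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_type}"/>'
        '</Types>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a compiled VBA project (constructed).
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print("invoice.docx (macro):", classify("invoice.docx", build_sample_docx(True)))
    print("invoice.docx (clean):", classify("invoice.docx", build_sample_docx(False)))
```

The content-type check matters because the extension is attacker-controlled: a package declared macro-enabled but delivered as `.docx` is a stronger signal than either indicator alone.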

The Effects of the Trojan-Downloader.Win32.Rakhni Infection

When Trojan-Downloader.Win32.Rakhni is delivered, it installs one of two modules, either a cryptocurrency-mining module or an encryption ransomware module, depending on what it finds on the victim's computer. If Trojan-Downloader.Win32.Rakhni finds files associated with cryptocurrency on the victim's computer, it delivers an encryption ransomware Trojan. This ransomware threat uses AES encryption to encrypt files with the following extensions, wherever it finds them on the victim's computer:

.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.

This threat will then deliver a ransom note in the form of a text file named 'MESSAGE.txt,' which contains the following message written in Russian:

'Request cost: mr.anders@protonmail.com
You can purchase the decryptor by: [current date + 3 days]
In the subject line write your ID: [random characters]
Letters without an ID are ignored.
Please do not try to decrypt files with third-party tools.
You can ruin them completely and even the original decryptor will not help.
Applications are processed by an automated system.'

If no files associated with digital currency are found, Trojan-Downloader.Win32.Rakhni instead installs a miner Trojan that uses the infected computer's GPU and CPU to mine a variety of cryptocurrencies, making money for the attackers at the victim's expense; the miner reports back to Trojan-Downloader.Win32.Rakhni's Command and Control servers.
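For a responder, the indicators above translate directly into a host triage: look for the 'MESSAGE.txt' ransom note carrying the contact address, and count how many files on the machine fall into the targeted extension set to estimate exposure. The script below is an added example written for this article, not code from the original page or from the malware; the extension list and the note filename and contact address are taken from the text, while the directory tree it scans is constructed inline for demonstration.

```python
"""Triage a directory tree for the Rakhni ransomware indicators described above."""
import re
import tempfile
from pathlib import Path

# Extensions the article lists as targeted by the ransomware module.
TARGETED_EXTENSIONS = frozenset("""
.ebd .jbc .pst .ost .tib .tbk .bak .bac .abk .as4 .asd .ashbak .backup .bck .bdb
.bk1 .bkc .bkf .bkp .boe .bpa .bpd .bup .cmb .fbf .fbw .fh .ful .gho .ipd .nb7
.nba .nbd .nbf .nbi .nbu .nco .oeb .old .qic .sn1 .sn2 .sna .spi .stg .uci .win
.xbk .iso .htm .html .mht .p7 .p7c .pem .sgn .sec .cer .csr .djvu .der .stl .crt
.p7b .pfx .fb .fb2 .tif .tiff .pdf .doc .docx .docm .rtf .xls .xlsx .xlsm .ppt
.pptx .ppsx .txt .cdr .jpe .jpg .jpeg .png .bmp .jiff .jpf .ply .pov .raw .cf
.cfn .tbn .xcf .xof .key .eml .tbb .dwf .egg .fc2 .fcz .fg .fp3 .pab .oab .psd
.psb .pcx .dwg .dws .dxe .zip .zipx .7z .rar .rev .afp .bfa .bpk .bsk .enc .rzk
.rzx .sef .shy .snk .accdb .ldf .accdc .adp .dbc .dbx .dbf .dbt .dxl .edb .eql
.mdb .mxl .mdf .sql .sqlite .sqlite3 .sqlitedb .kdb .kdbx .1cd .dt .erf .lgp .md
.epf .efb .eis .efn .emd .emr .end .eog .erb .ebn .ebb .prefab .jif .wor .csv
.msg .msf .kwm .pwm .ai .eps .abd .repx .oxps .dot
""".split())

RANSOM_NOTE_NAME = "MESSAGE.txt"
# The contact address is language-independent, so it is matched rather than the
# Russian note text (the article only gives an English translation of that text).
CONTACT_RE = re.compile(r"mr\.anders@protonmail\.com", re.IGNORECASE)


def find_ransom_notes(root) -> list:
    """Return paths of MESSAGE.txt files that contain the contact address."""
    hits = []
    for path in Path(root).rglob(RANSOM_NOTE_NAME):
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
        if CONTACT_RE.search(text):
            hits.append(path)
    return sorted(hits)


def count_targeted_files(root) -> dict:
    """Count files under root per targeted extension (exposure estimate)."""
    counts = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in TARGETED_EXTENSIONS:
            counts[path.suffix.lower()] = counts.get(path.suffix.lower(), 0) + 1
    return counts


def triage(root) -> dict:
    """Combine note detection and exposure count into one verdict."""
    notes = find_ransom_notes(root)
    return {"infected": bool(notes),
            "notes": [str(p) for p in notes],
            "exposure": count_targeted_files(root)}


def build_sample_tree(root) -> Path:
    """Constructed sample profile: a few documents plus a dropped ransom note."""
    docs = Path(root) / "Documents"
    docs.mkdir(parents=True, exist_ok=True)
    (docs / "report.docx").write_bytes(b"PK\x03\x04 constructed")
    (docs / "backup.bak").write_bytes(b"constructed")
    (docs / "notes.md").write_text("constructed")
    (docs / "script.py").write_text("# .py is not in the targeted set")
    (Path(root) / "app.exe").write_bytes(b"MZ constructed")
    # Note text mirrors the article's translation; the note itself is a .txt file.
    (docs / RANSOM_NOTE_NAME).write_text(
        "Request cost: mr.anders@protonmail.com\n"
        "In the subject line write your ID: ABC123\n")
    return Path(root)


def run_demo() -> dict:
    """Build the constructed tree in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        return triage(build_sample_tree(tmp))


if __name__ == "__main__":
    print(run_demo())
```

Because the ransom note is itself a '.txt' file, it appears in the exposure count as well as in the note list; when sizing an incident, subtract the notes from the '.txt' total.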

Protecting Your Computer from Threats Like Trojan-Downloader.Win32.Rakhni

The best protection against threats like Trojan-Downloader.Win32.Rakhni is strong, up-to-date security software that operates in real time and is capable of intercepting threats like Trojan-Downloader.Win32.Rakhni. Since Trojan-Downloader.Win32.Rakhni is delivered initially through spam email attachments, mechanisms that detect and intercept spam email messages, and that block macro-enabled Office attachments from untrusted senders, are also an essential part of dealing with threats like Trojan-Downloader.Win32.Rakhni.
