'All_Your_Documents.rar' Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 12,269
Threat Level: 100 % (High)
Infected Computers: 469
First Seen: February 14, 2017
Last Seen: September 16, 2023
OS(es) Affected: Windows

The 'All_Your_Documents.rar' Ransomware takes its name from the RAR archive it creates, where the victim's files are held until the ransom is paid. PC security analysts first received news of the 'All_Your_Documents.rar' Ransomware attack on February 11, 2017. The 'All_Your_Documents.rar' Ransomware is similar to other recently released ransomware Trojans that also place the victim's files in a password-protected archive. During an 'All_Your_Documents.rar' Ransomware attack, the victim's files become inaccessible, and the victim is pressured to pay a large ransom to regain access to them. In most cases, the 'All_Your_Documents.rar' Ransomware is delivered through spam email campaigns whose file attachments abuse vulnerabilities on the victim's computer with corrupted macro scripts. When the corrupted file attachment is downloaded, the 'All_Your_Documents.rar' Ransomware is downloaded from a remote server and installed on the victim's computer.

The Vicious Attack Executed by the 'All_Your_Documents.rar' Ransomware

The 'All_Your_Documents.rar' Ransomware is virtually identical to a previous ransomware Trojan known as RarVault Ransomware. During the attack, the 'All_Your_Documents.rar' Ransomware puts all of the targeted files in a RAR file that is protected with a password. This file, named 'All_Your_Documents.rar', is placed on the drive that has the most space available on the victim's computer. Since the 'All_Your_Documents.rar' Ransomware targets almost one hundred different file types during its attack, the resulting RAR file will be several GB in size. Unfortunately, the archive created by the 'All_Your_Documents.rar' Ransomware cannot be opened without the password, meaning that computer users will be left with no way of recovering their files if they do not have backup copies on an external memory device or the cloud. In its current version, the most common 'All_Your_Documents.rar' Ransomware variants demand a payment of 0.35 Bitcoin (approximately $350 USD) to the con artists' Bitcoin wallet. The 'All_Your_Documents.rar' Ransomware delivers its ransom note in a text file named 'All_Your_Documents.txt', which is dropped on the infected computer's Desktop. The following is the full text of the 'All_Your_Documents.rar' Ransomware ransom note:

'ATTENTION! AUFMERKSAMKEIT! ATTENTION! ATENCION! ATTENZIONE!
TO GET BACK YOUR FILES READ CAREFULLY!
UM IHRE DATEIEN ZURUCK, BITTE SORGFALTIG LESEN!
POUR RECUPERER VOS FICHIERS, S'IL VOUS PLAIT LIRE ATTENTIVEMENT!
PARA OBTENER LOS ARCHIVOS DE NUEVO, POR FAVOR, LEA CON CUIDADO!!
PER OTTENERE IL VOSTRO FILES INDIETRO, SI PREGA DI LEGGERE ATTENTAMENTE!!

Where did all your files?
Your documents on all drives (photos, videos, docs, etc.)
have been moved to password - protected WinRAR archives.
This archive is located in the root of each disk, in folder
"All_Your_Documents" and file name is "All_Your_Documents.rar".
Full path on all drives:
Drive:\\All_Your_Documents\All_Your_Documents.rar'
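
The artifacts named above (the archive path from the ransom note and the note file on the Desktop) can be checked for during host triage. The following Python sketch is an added example, not code from the original page or from any security vendor; the function names and the demo directory layout are assumptions, and the sample files are constructed.

```python
import tempfile
from pathlib import Path

# Artifact names taken from the page and the quoted ransom note.
ARCHIVE_REL = Path("All_Your_Documents") / "All_Your_Documents.rar"
NOTE_NAME = "All_Your_Documents.txt"
# Well-known RAR signatures: RAR 1.5-4.x (7 bytes) and RAR 5.x (8 bytes).
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")


def is_rar(path: Path) -> bool:
    """True if the file starts with a RAR signature (the name alone proves little)."""
    try:
        with path.open("rb") as fh:
            return fh.read(8).startswith(RAR_MAGICS)
    except OSError:
        return False


def sweep(drive_roots, desktops):
    """Return findings for the given drive roots and Desktop folders."""
    findings = []
    for root in map(Path, drive_roots):
        archive = root / ARCHIVE_REL
        if archive.is_file():
            findings.append({"type": "archive", "path": str(archive),
                             "size_bytes": archive.stat().st_size,
                             "rar_signature": is_rar(archive)})
    for desktop in map(Path, desktops):
        note = desktop / NOTE_NAME
        if note.is_file():
            findings.append({"type": "ransom_note", "path": str(note)})
    return findings


def demo():
    """Constructed sample: fake drives D (RAR), E (same name, not RAR), F (clean)."""
    with tempfile.TemporaryDirectory() as tmp:
        d, e, f, desk = (Path(tmp) / n for n in ("D", "E", "F", "Desktop"))
        for p in (d / "All_Your_Documents", e / "All_Your_Documents", f, desk):
            p.mkdir(parents=True)
        (d / ARCHIVE_REL).write_bytes(RAR_MAGICS[1] + b"\x00" * 16)  # constructed
        (e / ARCHIVE_REL).write_bytes(b"not a rar")                  # constructed
        (desk / NOTE_NAME).write_text("constructed placeholder note")
        return sweep([d, e, f], [desk])


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

On a real host, pass the mounted drive roots and each user profile's Desktop folder to sweep(); a same-named file without a RAR signature is reported with rar_signature set to False so it can be reviewed separately.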

Dealing with the 'All_Your_Documents.rar' Ransomware Infection

Victims of the 'All_Your_Documents.rar' Ransomware attack are asked to install the TOR browser to connect to the payment website. Unfortunately, the use of TOR makes it very difficult for PC security researchers to track down the identity of the people responsible for the attack. PC security researchers strongly advise computer users not to follow the 'All_Your_Documents.rar' Ransomware's instructions. It is very unlikely that the con artists will keep their word and deliver the password needed to access the RAR file created by the 'All_Your_Documents.rar' Ransomware. The people responsible for the attack are just as likely to ignore the victim or ask for additional payments. To deal with the 'All_Your_Documents.rar' Ransomware, PC security researchers strongly advise computer users to remove the 'All_Your_Documents.rar' Ransomware with a security program. Then, backup copies of the files can be used to replace the files locked in the RAR archive created by the 'All_Your_Documents.rar' Ransomware.

The best protection against the 'All_Your_Documents.rar' Ransomware and other ransomware Trojans is to have backup copies of all files, either on an external memory device or the cloud. If computer users can restore their files from a backup, then any leverage the extortionists have during their attack is lost. Essentially, having file backups makes computer users completely invulnerable to the 'All_Your_Documents.rar' Ransomware and other ransomware Trojans.
