
R00t Ransomware

The R00t Ransomware is a file-encryption Trojan that shares some similarities with a well-known ransomware family that goes by the name Paradise. It is possible that the operators of the R00t Ransomware obtained the source code of the Paradise Ransomware and used it to craft the threat in question.

The bad news is that victims of the R00t Ransomware may be unable to rely on free decryption tools. This threat uses a very secure file-encryption routine, which is impossible to decipher – the only people who can decrypt the files locked by the R00t Ransomware are the authors of the malware. Unfortunately, they are not willing to provide their services for free, and the perpetrators ask to receive a ransom payment to provide assistance.

The R00t Ransomware's Authors Use an Online Chat Room

There is no reliable information about the techniques the authors of the R00t Ransomware use to spread their threat. Still, it is likely that they rely on popular malware distribution tricks such as bogus email attachments, fake downloads, torrent trackers, pirated media and software, etc. When the R00t Ransomware is launched on a computer without sufficient anti-malware protection, it will get to work and launch the damaging file-encryption operation immediately.

Whenever the R00t Ransomware encrypts a file, it will tamper with its name and add the suffix '_root_{VICTIM ID}.njkwe'. The ransom note is created when the attack ends, and it goes by the name '---==%$$$OPEN_ME_UP$$$==---.txt'. Surprisingly, the ransom note does not contain an email for contact, and instead, the attackers ask their victims to message them by using a Web chat service hosted on a public website. The ransom note also lists the unique victim ID found in the names of locked files.
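A triage sketch for the file-name indicators described above, added here as an example and not taken from the original page: it walks a directory tree, groups locked files by victim ID and lists any ransom notes it finds. The victim-ID format, the assumption that the suffix is appended to the full original file name, and the sample file names and ID are assumptions or constructed values.

```python
import os
import re
import tempfile
from collections import defaultdict

# Indicators as given on this page. The victim-ID format is not documented
# there, so the pattern accepts any non-empty ID (assumption).
ENCRYPTED_RE = re.compile(r"^(?P<orig>.+)_root_(?P<vid>.+)\.njkwe$", re.IGNORECASE)
RANSOM_NOTE = "---==%$$$OPEN_ME_UP$$$==---.txt"


def triage(root):
    """Walk root and return (files_by_victim_id, ransom_note_paths).

    files_by_victim_id maps each victim ID to a list of
    (encrypted_path, presumed_original_name) tuples. The original name is
    presumed: it assumes the suffix was appended to the full file name.
    """
    by_id = defaultdict(list)
    notes = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE.lower():
                notes.append(full)
                continue
            m = ENCRYPTED_RE.match(name)
            if m:
                by_id[m.group("vid")].append((full, m.group("orig")))
    return dict(by_id), notes


def build_sample_tree(root):
    """Create a constructed sample tree (empty files, made-up victim ID)."""
    os.makedirs(os.path.join(root, "docs"))
    for rel in ("docs/report.docx_root_ABC123.njkwe",
                "docs/photo.jpg_root_ABC123.njkwe",
                "docs/untouched.txt",
                RANSOM_NOTE):
        open(os.path.join(root, rel), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits, notes = triage(tmp)
        for vid, items in hits.items():
            print(f"victim ID {vid}: {len(items)} locked file(s)")
        print("ransom notes:", notes)
```

The per-ID inventory gives the scope of affected data before any cleanup or restoration attempt, and more than one ID under the same root suggests more than one infection.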

Purchasing a decryptor from the R00t Ransomware's authors is not a viable solution because they may not fulfill their part of the deal once they get the money. We advise users affected by this threat's attack to run an anti-virus scanner that will eradicate the R00t Ransomware's files. After they complete this step, they can proceed to try and recover their data by using popular file restoration utilities.

