R0n Ransomware
R0n is a threatening ransomware that encrypts files and appends the victim's ID, ronvest@tutanota.de email address, and the '.r0n' extension to filenames. When the R0n Ransomware infects a system, it displays a pop-up window with ransom-demanding instructions. The R0n Ransomware also drops an 'info.txt' text file, which further clarifies the demands of the attackers. Ransom notes typically demand payment in Bitcoin or other cryptocurrencies in exchange for decrypting the encrypted files. The R0n Ransomware is a variant belonging to the Dharma Ransomware family.
The Ransom-Demanding Messages of the R0n Ransomware
Victims of the R0n Ransomware are instructed to contact one of four email addresses - ronvest@tutanota.de, jerd@420blaze.it, ronrivest@airmail.cc or vestroni@tuta.io - to receive details on how to pay a ransom to the attackers. The ransom note also states that victims are allowed to send up to three files for free decryption as proof that the threat actors will provide them with a working decryption key once their demands have been met.
Furthermore, victims are warned not to rename the encrypted files or attempt to decrypt them using third-party software, as this could result in permanent data loss. It is important for anyone impacted by threats like the R0n Ransomware to understand that paying the cybercriminals any ransom amounts does not guarantee the restoration of all encrypted data and files.
How to Avoid Becoming a Victim of the R0n Ransomware?
Ransomware has become a major risk for individuals and businesses around the world. It is one of the most favored cyber-attack methods, with hackers turning to it as a way to extort money from victims. Fortunately, you can take some measures to avoid becoming a ransomware victim. Here's how:
- Backup Your Data Regularly
One way to protect yourself from falling victim to ransomware is by backing up your data regularly and ensuring that any backups are stored in a secure location. If you do become infected with ransomware, you'll be able to recover quickly and easily without having to pay the ransom.
- Practice Good Internet Habits
Another key step towards protecting yourself from ransomware is practicing good Internet habits. Avoid clicking on unknown links or downloading shady applications or software – these things could contain corrupted code that will infect your computer with ransomware. Additionally, it's important to keep all of your software updated, as this will help keep hackers out.
- Install an Anti-Malware Solution
You also should consider installing a professional anti-malware security suite on your networked devices. A security program will reduce the risk of becoming infected with ransomware by blocking any forced traffic or the execution of invasive code before it has had the chance to affect the computer or devices connected to your network.
The main ransom-demanding message of the R0n Ransomware is:
'All your files have been encrypted!
Don't worry, you can return all your files!
If you want to restore them, write to the mail: ronrivest@airmail.cc (ronvest@tutanota.de) YOUR ID -
If you have not answered by mail within 12 hours, write to us by another mail:jerd@420blaze.it
Free decryption as guarantee
Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 3Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.The ransom note delivered as a text file is:
You want to return?
write email ronvest@tutanota.de or jerd@420blaze.it or ronrivest@airmail.cc or vestroni@tuta.io'
