R980 Ransomware

By CagedTech in Ransomware

The R980 Ransomware is distributed as an encryption ransomware Trojan, similar to the countless other threats that are currently active. However, PC security analysts have observed that the R980 Ransomware does not encrypt the victim's files as it claims. It is possible that the R980 Ransomware is incomplete or under development, or that it is part of a different type of tactic. As part of its attack, the R980 Ransomware fills the victim's desktop with randomly named trash files, changes the victim's desktop image, and drops a ransom note in the form of a text file.

The R980 Ransomware's Ransom Note

The R980 Ransomware's ransom note claims that the computer user is the victim of an encryption ransomware Trojan and demands the payment of 0.5 Bitcoin (about $330 USD on average) to obtain the decryption key. This is typical of these attacks, where a decryption key is stored on the Command and Control server and is inaccessible to the computer user. These hoaxes ask the victim to pay large amounts of money in exchange for the decryption key necessary to recover the encrypted files. The R980 Ransomware's ransom note contains step-by-step instructions on how to pay the ransom. Avoid paying the R980 Ransomware's ransom, regardless of the nature of the attack. In the case of the R980 Ransomware, the victim's files will not be encrypted, but even if the files are encrypted in a future iteration of the R980 Ransomware attack, the ransom payment shouldn't be made.

The full text of the R980 Ransomware's ransom note reads:

!!!! ATTENTION !!!! YOUR FILES HAVE BEEN ENCRYPTED! !!!!
ALL of your documents, photos, databases and other important files have been encrypted with AES - 256 and RSA4096.You will not be able to recover your files without the private key which has been saved on our server.An antivirus can not recover your files.
hxxps://en.wikipedia.org/wiki/Advanced_Encryption_Standard
HOW TO GET YOUR FILES BACK
: To decrypt your files you have to pay .5 Bitcoins (BTC).
How to make payment?
1. Firstly, you have to buy Bitcoins (BTC). You can buy Bitcoins easily at the following site (you can skip this step if you already have Bitcoins).
https://www.coinbase.com/
https://coincafe.com/
https://bitquick.co/
2. Send .5 BTC to the following Bitcoin address - You don’t have to send the exact amount above. You have to send at least this amount for our systems to confirm payment.
BITCOIN ADDRESS: 1NXYHuHdM8WBHBBRbxQbXQ9L3ry2radGgr
3. Once you have paid to the above Bitcoin address we will give you a link to a decrypter that will fix your files.
It will be sent to a public email account we have created for you:
https://www.mailinator.com/inbox2.jsp?public_to=8569402d-3a74-4f27-91ba-d6408e0ff8fe
Please wait up to 24 hours for your decrypter to arrive.

Although the additional step of filling the victim's desktop with randomly named files has not been observed frequently in other ransomware Trojan attacks, PC security researchers have noted that the ransom note linked to the R980 Ransomware has been seen in other, similar attacks. It is possible that the R980 Ransomware is related to another ransomware, or that the con artists responsible for the R980 Ransomware simply used other ransomware ransom notes as a template to create their own threats.

Protecting Your Computer from the R980 Ransomware

The best protection from ransomware like the R980 Ransomware is to ensure that all of your files are backed up to an off-site location. If you can recover your files from a backup, then there is no need to pay the ransom demanded by these con artists. You should back up your files to an external drive that is not connected to your computer, since threats like the R980 Ransomware will typically encrypt files on all drives found on the affected computer and, in some cases, on drives shared on a network.