
RackCrypt Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 9
First Seen: January 25, 2016
Last Seen: July 10, 2022
OS(es) Affected: Windows

Malware analysts have detected RackCrypt Ransomware attacks in the wild. The RackCrypt Ransomware is used to extort money from computer users by taking their files hostage and demanding payment of a ransom. As part of its attack, the RackCrypt Ransomware encrypts the victim's files using AES encryption and then displays messages with payment instructions. The RackCrypt Ransomware is part of a wave of ransomware attacks that has grown substantially over the last couple of years. Encryption ransomware threats such as the RackCrypt Ransomware are gaining in popularity because they are particularly effective: without the decryption key, the victim cannot recover the files. This means that even if the computer user removes the RackCrypt Ransomware infection using a reliable security application, the affected files remain encrypted.

The Harm Caused by the RackCrypt Ransomware and Other Encryption Ransomware Trojans

The RackCrypt Ransomware is designed to attack computers running the Windows operating system and can affect all versions of Windows currently in use. Once the RackCrypt Ransomware enters a computer, it scans the victim's drives for files with specific extensions and encrypts them using AES. It then displays pop-up messages and other notifications alerting the victim to the attack and demanding payment of a ransom in Bitcoin or through another anonymous payment method. The RackCrypt Ransomware also drops text or HTML ransom notes in the directories that contain encrypted files. The RackCrypt Ransomware may be part of a RaaS (Ransomware as a Service) series of attacks. In this model, con artists offer their ransomware to clients, who adapt it to their specific needs by making slight changes to the interface, the ransom note, and the amount of money demanded from victims. The people providing the RaaS profit by taking a cut of the money paid by the victims of the attacks.

How the RackCrypt Ransomware and Other Encryption Trojans may be Used to Make Money

The RackCrypt Ransomware tactic is simple, but recovering from the attack is difficult once the files are encrypted. The following are the steps that may be taken by the RackCrypt Ransomware and other ransomware Trojans with a similar approach:

  1. The RackCrypt Ransomware may be delivered as a corrupted email attachment, through peer-to-peer file sharing networks, or from attack websites. Once on the computer, the RackCrypt Ransomware delivers its threatening payload as soon as the downloaded file is opened.
  2. The RackCrypt Ransomware then scans the infected computer's drives. Its configuration contains a list of targeted file extensions, typically those of common documents, media files, images, and other files generated by the computer user rather than by the operating system. Essentially, the RackCrypt Ransomware seeks to encrypt the user's data while leaving Windows functional, so that the victim can still see the ransom demand and pay.
  3. As part of its infection process, the RackCrypt Ransomware deletes Shadow Volume Copies and System Restore points, so that these alternate recovery methods cannot be used to restore the files.
  4. The RackCrypt Ransomware then demands a ransom from the victim by displaying pop-up messages which, in the case of this specific ransomware Trojan, tend to take the form of Windows error messages.
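Steps 2 to 4 above describe behaviour that a defender can look for in endpoint telemetry. The following is an added detection example written for this page; it is not code from RackCrypt, from this site, or from any analysis of a RackCrypt sample. It assumes Sysmon-style events (ID 1 process creation with a CommandLine, ID 11 file creation with a TargetFilename), assumes that the encrypted copy of a document is written under an extra appended extension (the page does not say what RackCrypt does here, so ".crypt" is a placeholder), uses a placeholder note name (HOW_TO_RECOVER.html), a stand-in extension list, and arbitrary thresholds. The sample events are constructed inline so the script runs offline.

```python
"""Behavioural detection for the ransomware steps above (constructed example).

Looks for three behaviours in Sysmon-style events:
  * a process-creation command line that deletes Shadow Copies or
    disables recovery (step 3),
  * one process rewriting many user documents across many directories
    (step 2), assuming the encrypted copy is written under an extra
    extension,
  * the same text/HTML note name being dropped into many directories
    (step 4).
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Command lines commonly used to wipe recovery options. These are generic
# patterns, not taken from a RackCrypt sample.
SHADOW_WIPE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)", re.I),
    re.compile(r"bcdedit(\.exe)?\s+.*recoveryenabled\s+no", re.I),
]

# Extensions of user-generated data; an assumed stand-in for the list the
# ransomware carries in its configuration.
USER_DOC_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf",
                 ".jpg", ".jpeg", ".png", ".mp3", ".mp4", ".zip"}
NOTE_EXTS = {".txt", ".html", ".htm"}


def is_shadow_wipe(command_line):
    """True if the command line deletes shadow copies or disables recovery."""
    return any(p.search(command_line) for p in SHADOW_WIPE_PATTERNS)


def analyse(events, rewrite_threshold=20, note_threshold=5):
    """Return (kind, (pid, image), detail) findings for the given events.

    Events are dicts with EventID, ProcessId, Image and either CommandLine
    (ID 1, process creation) or TargetFilename (ID 11, file create).
    """
    findings = []
    rewrite_count = defaultdict(int)   # process -> rewritten document count
    rewrite_dirs = defaultdict(set)    # process -> directories touched
    note_dirs = defaultdict(set)       # (process, note name) -> directories

    for ev in events:
        proc = (ev["ProcessId"], ev["Image"])
        if ev["EventID"] == 1 and is_shadow_wipe(ev.get("CommandLine", "")):
            findings.append(("shadow_copy_wipe", proc, ev["CommandLine"]))
        elif ev["EventID"] == 11:
            path = PureWindowsPath(ev["TargetFilename"])
            suffixes = [s.lower() for s in path.suffixes]
            # "report.docx.<new>": the original extension is the second-last one
            if len(suffixes) >= 2 and suffixes[-2] in USER_DOC_EXTS:
                rewrite_count[proc] += 1
                rewrite_dirs[proc].add(str(path.parent))
            elif suffixes and suffixes[-1] in NOTE_EXTS:
                note_dirs[(proc, path.name.lower())].add(str(path.parent))

    for proc, n in rewrite_count.items():
        if n >= rewrite_threshold:
            findings.append(("mass_document_rewrite", proc,
                             f"{n} documents in {len(rewrite_dirs[proc])} directories"))
    for (proc, name), dirs in note_dirs.items():
        if len(dirs) >= note_threshold:
            findings.append(("ransom_note_fanout", proc,
                             f"{name} dropped in {len(dirs)} directories"))
    return findings


def sample_events():
    """Constructed Sysmon-style events; not real RackCrypt telemetry."""
    mal = {"ProcessId": 4120,
           "Image": r"C:\Users\alice\AppData\Local\Temp\invoice.exe"}
    events = [
        # benign: Word saving a document, Explorer creating one text file
        {"EventID": 11, "ProcessId": 2200,
         "Image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
         "TargetFilename": r"C:\Users\alice\Documents\report.docx"},
        {"EventID": 11, "ProcessId": 1500, "Image": r"C:\Windows\explorer.exe",
         "TargetFilename": r"C:\Users\alice\Desktop\notes.txt"},
    ]
    folders = ["Documents", "Pictures", "Desktop", "Downloads", "Videos", "Music"]
    for i, folder in enumerate(folders):
        base = r"C:\Users\alice" + "\\" + folder
        for j in range(5):  # ".crypt" is a placeholder appended extension
            events.append({"EventID": 11, **mal,
                           "TargetFilename": base + rf"\file{i}_{j}.docx.crypt"})
        events.append({"EventID": 11, **mal,  # placeholder note name
                       "TargetFilename": base + r"\HOW_TO_RECOVER.html"})
    events.append({"EventID": 1, **mal,
                   "CommandLine": "vssadmin.exe Delete Shadows /All /Quiet"})
    return events


if __name__ == "__main__":
    for kind, proc, detail in analyse(sample_events()):
        print(f"{kind}: pid={proc[0]} image={proc[1]} ({detail})")
```

The shadow-copy rule fires on a single event and is the cheapest signal to alert on; the other two aggregate per process, so in a real pipeline they would run over a sliding time window rather than over a whole batch, and the thresholds would be tuned against the baseline of backup and indexing software on the estate.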

Computer users should avoid paying the RackCrypt Ransomware ransom. Paying allows the people responsible for the RackCrypt Ransomware to keep monetizing their attacks, to create and improve additional ransomware threats, and to attack more victims. There is also no guarantee that computer users will receive the decryption key after paying. Since the RackCrypt Ransomware deletes Shadow Volume Copies and System Restore points, recovery should instead rely on backups kept offline or otherwise out of reach of the infection.
