Rans-A Ransomware

Infosec researchers have discovered a new ransomware threat that could be used in attacks by cybe-criminals. This ransomware has been given the name Rans-A. The main function of Rans-A is to encrypt files, and as a result, it appends the '.Rans-A' extension to the original filenames. In addition to file encryption, Rans-A also creates a file called 'HOW TO DECRYPT FILES.txt.' This file serves as a ransom note and gives instructions on how to pay the ransom in order to regain access to the encrypted files. The threat has been confirmed to be another variant belonging to the Xorist Ransomware family.

The Rans-A Ransomware Locks Victims' Files

The message left by the ransomware attacker declares that all the data and backups stored on the affected device have been encrypted. It goes on to clarify that the only way to recover the encrypted data in its original form is to get in touch with the provided email address: 'mollyrecup@protonmail.com.' The note also states that the encrypted data can be made accessible again within a timeframe of one hour.

Moreover, the ransom note cautions against deleting or renaming any of the locked files with the '.Rans-A' extension, and not to share the message on any website. However, paying the ransom to retrieve the encrypted data is not a reliable option, as there is no guarantee that the attacker will keep their promise, and it may result in financial loss. As a result, it is highly recommended not to pay the ransom.

Make Sure to Protect Your Data from Threats Like the Rans-A Ransomware

To protect their data and devices from ransomware threats, users can take several security measures. The first step is to ensure that they have up-to-date anti-malware programs installed on their devices. This software can detect and remove known ransomware threats, as well as prevent new ones from infecting the system.

Users should be careful when opening email attachments, downloading files from the internet, or clicking attachments in emails from unknown or suspicious sources. This is because ransomware attackers often use these methods to gain access to a user's device.

It is strongly recommended that users regularly back up their data on an external drive or in the cloud, so that they can recover their data if their device becomes infected with ransomware.

Additionally, users can implement security practices such as creating strong and unique passwords, using two-factor authentication, and keeping their operating system and software up to date with the latest security patches.

While these security measures can significantly reduce the risk of a ransomware attack, no method is entirely foolproof. Therefore, users should remain vigilant and cautious, and be prepared to respond quickly in case their device does become infected with ransomware.

The full text of Rans-A Ransomware in its original language is:

'Todos Dados/Backups foram criptografados
a unica forma de obter os dados em seu perfeito estado é
entrar em contato no Email: mollyrecup@protonmail.com
Dados em perfeito estado em até 1 hora
prazo max para o contato 20/03/2023 12:00 ID-6732
(N = N O)

N delete arquivos trancados

N não renomeie os arquivos trancados .Rans-A

N não poste esta mensagem em nenhum site
nem denuncie pois podem bloquear este email.'