Rar1 Ransomware

The Rar1 Ransomware targets the data of its victims and via an encryption process renders it completely unusable. The operators of ransomware threats use the locked files as a way to extort money from the affected users or organizations. Typically, this malware scans the infected systems and then encrypts specific file types, such as documents, photos, PDFs, archives, databases and many others.

When the Rar1 locks a file, it also completely changes that file's original name. Indeed, users will notice that nearly all of the files stored on the breached devices now have names consisting of a random string of characters followed by '.rar1.' The threat also will deliver a text file named 'READ_TO_DECRYPT.TXT' to the system.

Inside the threat's file is a relatively short ransom note. The Rar1 Ransomware tells its victims that they will have to pay 2 Monero (XMR) coins to the cybercriminals. At the current price of this particular cryptocurrency, the demanded ransom is around $300. After transferring the funds to the provided crypto-wallet address, victims are expected to contact the 'a94673838@proton.me' email address.

The full text of Rar1 Ransomware's message is:

'Your files have been encrypted
Send 2 XMR to the following wallet 46aUsHcCS9XUu8c3wuyXbvg6qrcuveGcAWWJLd14NnCZPo 2uQqg8FddhJZjUhs1d1WHBhdcqWvEAedQir3axX4wJ5h8uuuT
And after pay contact a94673838@proton.me
Get the password to decrypt the file
Your machine code is :'