Rar Ransomware
The Rar Ransomware is a hurtful threat capable of locking victims from accessing their data. Ransomware threats are equipped with encryption algorithms strong enough to make the restoration of the impacted files nearly impossible. In most ransomware attacks, the only way to recover the locked documents, images, archives, databases, etc., is to obtain the necessary decryption keys.
When the Rar Ransomware was analyzed by cybersecurity researchers, they confirmed that it is a variant belonging to the VoidCrypt malware family. The threat also will modify the names of all files it affects. First, the Rar Ransomware will create a unique ID string and add it to the original file names. It will then be followed by the email address of the cybercriminals at 'spystar1@onionmail.com.' Finally, '.Rar' will be appended as a new file extension.
Victims will be left with a ransom note detailing the demands of the attackers. The messages will be dropped on the breached devices as text files named 'Read.txt.' Reading Rar Ransomware's note the victims will notice that it fails to provide many important details. It simply tells victims to contact either the same 'spystar1@onionmail.com' email found in the encrypted file's names or their Telegram account at '@Rar_support.' The second half of the note delivers various warnings.
The full text of Rar Ransomware's note is:
'All your files have been encrypted. If you want to restore them, write us to the e-mail:spystar1@onionmail.com
Write this ID in the title of your message -
You can also write us using this Telegram Username: @Rar_supportDo not rename encrypted files.
Do not try to decrypt your data using third-party software and sites. It may cause permanent data loss.
The decryption of your files with the help of third parties may cause increased prices (they add their fee to our), or you can become a victim of a scam.'
