
Rastakhiz Ransomware

By GoldSparrow in Ransomware

The Rastakhiz Ransomware is an encryption ransomware Trojan that was first observed on November 17, 2017. It is likely that the Rastakhiz Ransomware is being distributed through corrupted Microsoft Word documents delivered to victims in phishing email messages. When a victim opens one of these documents, an embedded macro script downloads and installs the Rastakhiz Ransomware onto the affected machine. The Rastakhiz Ransomware is a variant of HiddenTear, an open-source ransomware engine that first appeared in August 2015. Since then, HiddenTear has spawned countless encryption ransomware Trojans like the Rastakhiz Ransomware. The main purpose of Trojans like the Rastakhiz Ransomware is to extort computer users: they make the victim's files unusable with a strong encryption algorithm and then demand a ransom for the key needed to recover the affected files.

The Well-Known Attack of the Rastakhiz Ransomware

The Rastakhiz Ransomware uses a combination of AES-256 and RSA encryption to make the victim's files inaccessible. The Rastakhiz Ransomware will encrypt files across the infected computer, targeting not only the victim's main drive but also external storage devices connected to the infected computer. Once the Rastakhiz Ransomware has encrypted the victim's files, they become unusable without the decryption key, which the cybercrooks hold in their possession. During its attack, the Rastakhiz Ransomware targets a variety of file types, going after user-generated files rather than Windows system files. Some of the file types targeted in a Rastakhiz Ransomware infection are:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The Rastakhiz Ransomware marks the files it encrypts by adding the file extension '.RASTAKHIZ' to the end of each affected file's name.
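Because the marker extension is appended to the original file name, an incident responder can recover the pre-encryption name and scope the damage by file type. The following triage helper is an added example for this article, not code from the threat or from any vendor tool; the targeted-extension subset and the sample listing are constructed for illustration.

```python
import ntpath  # paths come from a Windows host; ntpath parses them on any analysis OS
from collections import Counter
from typing import Iterable, Optional

# Marker the article reports being appended to each encrypted file's name.
MARKER = ".RASTAKHIZ"

# Small subset of the extension list above (constructed; extend from the full list as needed).
TARGETED = {".docx", ".xlsx", ".jpg", ".pdf", ".mp4", ".sql", ".py", ".zip", ".txt", ".psd"}


def original_name(path: str) -> Optional[str]:
    """Return the pre-encryption file name if `path` carries the marker, else None."""
    base = ntpath.basename(path)
    # Case-insensitive: NTFS is case-preserving, so the marker may be seen in any case.
    if base.upper().endswith(MARKER):
        return base[: -len(MARKER)]
    return None


def triage(paths: Iterable[str]) -> dict:
    """Summarise marker-suffixed files: total count, per-original-extension counts,
    and any whose original extension is outside the targeted list (worth a closer look,
    since that may indicate a different variant or a mislabelled file)."""
    by_ext: Counter = Counter()
    unexpected = []
    total = 0
    for p in paths:
        orig = original_name(p)
        if orig is None:
            continue  # untouched file
        total += 1
        ext = ntpath.splitext(orig)[1].lower()
        by_ext[ext] += 1
        if ext not in TARGETED:
            unexpected.append(p)
    return {"encrypted": total, "by_extension": dict(by_ext), "unexpected": unexpected}


# Constructed sample listing standing in for a directory walk of a mounted image.
SAMPLE = [
    r"C:\Users\alice\Documents\report.docx.RASTAKHIZ",
    r"C:\Users\alice\Pictures\IMG_0001.jpg.RASTAKHIZ",
    r"C:\Users\alice\Pictures\IMG_0002.jpg.RASTAKHIZ",
    r"E:\backup\db.sql.RASTAKHIZ",
    r"E:\backup\notes.ini.RASTAKHIZ",      # .ini is not in the targeted subset
    r"C:\Users\alice\Desktop\readme.txt",  # untouched file
    r"C:\Windows\System32\kernel32.dll",   # system file, not targeted
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On a real case, feed `triage()` the file names from `os.walk()` over the mounted volume (or from an MFT listing) instead of `SAMPLE`.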

How the Rastakhiz Ransomware Demands Its Ransom Payment

The Rastakhiz Ransomware delivers its ransom note as a program window titled 'RASTAKHIZ.'. This window informs the victim of the attack, instructs them to contact the cybercrooks via email, and demands a large ransom paid in Bitcoin. The Rastakhiz Ransomware uses a Gmail email address, which is uncommon among ransomware Trojans because Google routinely disables such addresses and they can make it easier for PC security researchers to locate the people responsible for the Rastakhiz Ransomware attack. The ransom note that the Rastakhiz Ransomware delivers to the victim reads:

'I have encrypted all your precious files including images, videos. songs, textfiles, word files and etc So long story short you are screwed ... but you are lucky in a way. Why is that ?? I am ransomware that leave you an unlimited amount of time to gather the money to pay me. I am not gonna go somewhere, neither do your encrypted files.
Info
Personal ID: [Copy Personal ID|BUTTON]
Bitcoin Address: [Copy The Bitcoin Address|BUTTON]
[About Bitcoin|HYPERLINK]
[Buy Bitcoin|HYPERLINK]
[DECRYPT|BUTTON]
TIME TO LOSE YOUR KEYS: [48h COUNTDOWN]'

Computer users that cherish their data need to take precautions against the Rastakhiz Ransomware and similar threats, including the use of an anti-malware program that is fully up-to-date.
