
'.razy1337 File Extension' Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 7
First Seen: November 21, 2016
Last Seen: October 18, 2020
OS(es) Affected: Windows

The '.razy1337 File Extension' Ransomware is an encryption ransomware Trojan that uses an RSA-2048 key and an AES-256 encryption algorithm to encrypt the victim's files, essentially taking them hostage. After encrypting the victim's data and making it inaccessible, the '.razy1337 File Extension' Ransomware displays a ransom note that demands the payment of 0.5 Bitcoin (approximately $355 USD at the current exchange rate) to receive the decryption key needed to restore the affected files.

The Harm Caused by the '.razy1337 File Extension' Ransomware

Unfortunately, files that have been encrypted by the '.razy1337 File Extension' Ransomware cannot be recovered without the decryption key. However, caving in to the con artists' demands and paying the ransom is unlikely to get results. PC security analysts have observed numerous cases in which computer users have paid the ransom and been ignored or asked for additional payments. Instead, PC security analysts strongly advise computer users to take preemptive measures and to back up all files, thus making their computers immune to these attacks completely.

The '.razy1337 File Extension' Ransomware and its many variants may be distributed using corrupted email messages. The '.razy1337 File Extension' Ransomware can affect computers running the Windows operating system, and its attack is devastating because the effects remain on the victim's computer even after the ransomware itself has been removed with a reliable security program. This is why encryption ransomware Trojans have become so popular among ill-minded people: the effects last well after the attack and are, unfortunately, irreversible.

How the '.razy1337 File Extension' Ransomware Attack Works

The '.razy1337 File Extension' Ransomware attack is simple to understand: the '.razy1337 File Extension' Ransomware infiltrates the victim's computer, searches for certain file types, and then encrypts them with its encryption algorithm. The following are some of the file types that are targeted in the '.razy1337 File Extension' Ransomware attack:

.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt.

The encrypted files are marked with the extension '.razy1337,' making it easy to know which files have been affected by the attack. The '.razy1337 File Extension' Ransomware will display its ransom note in the form of text and HTML files dropped onto the victim's computer. The text of the '.razy1337 File Extension' Ransomware's ransom note reads as follows:

'You got infected by Razy

All your files have been encrypted with AES 128 bit and you need the key to decrypt your files!

To get the key you need to pay 0.5 bitcoins. If you don't have bitcoins you can but it at www.localbitcoins.com

When you bought bitcoins send me 0.5 to the address and leave your ID as message so we can identify you!

This window is your only chance to decrpyt your files, trying anything to get rid of me can destroy the encryption key.

You have 24 hours to buy the decryption key, after 24 hours your decryption key will be deleted and all your file will be deleted.'
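A triage script for the two indicators described above, the '.razy1337' extension and the opening line of the ransom note, for scoping which directories were affected; this is an added example, not code from the original page. The sample file names, including the assumption that the marker is appended after the original extension and the note file name, are constructed.

```python
import os
import tempfile
from collections import Counter

MARKER_EXT = ".razy1337"                   # extension named on this page
NOTE_PHRASE = b"you got infected by razy"  # opening line of the quoted note
NOTE_EXTS = {".txt", ".html", ".htm"}      # page: notes are text and HTML files


def triage(root):
    """Return (marked_files, ransom_notes, marked_count_per_directory)."""
    encrypted, notes, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            if ext == MARKER_EXT:
                encrypted.append(path)
                per_dir[dirpath] += 1
            elif ext in NOTE_EXTS:
                try:
                    with open(path, "rb") as fh:
                        head = fh.read(65536)  # assumption: notes are small
                except OSError:
                    continue  # locked or unreadable: skip, keep scanning
                if NOTE_PHRASE in head.lower():
                    notes.append(path)
    return sorted(encrypted), sorted(notes), per_dir


def build_sample_tree(base):
    """Constructed, harmless sample files so the example runs offline."""
    docs = os.path.join(base, "Documents")
    os.makedirs(docs)
    samples = {
        "report.docx.razy1337": b"\x00" * 16,
        "photo.JPG.RAZY1337": b"\x00" * 16,
        "notes.txt": b"shopping list",
        "readme.html": b"<p>You got infected by Razy</p>",
    }
    for name, data in samples.items():
        with open(os.path.join(docs, name), "wb") as fh:
            fh.write(data)
    return docs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(build_sample_tree(tmp)))
```

The per-directory counts show where restoring from backup should start; the content match only covers notes stored in an ASCII-compatible encoding.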
