'.razy1337 File Extension' Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 80 % (High) |
Infected Computers: | 7 |
First Seen: | November 21, 2016 |
Last Seen: | October 18, 2020 |
OS(es) Affected: | Windows |
The '.razy1337 File Extension' Ransomware is an encryption ransomware Trojan that uses an RSA-2048 key and an AES-256 encryption algorithm to encrypt the victim's files, essentially taking them hostage. After encrypting the victim's data and making it inaccessible, the '.razy1337 File Extension' Ransomware displays a ransom note that demands the payment of 0.5 BitCoin (approximately $355 USD at the current exchange rate) to receive the decryption key needed to restore the affected files.
The Harm Caused by the '.razy1337 File Extension' Ransomware
Unfortunately, the files that have been encrypted by the '.razy1337 File Extension' Ransomware cannot be recovered without the decryption key. However, caving into the con artists' ransom demands and paying the ransom is unlikely to get results. PC security analysts have observed numerous cases in which computer users have paid the ransom and been ignored or been asked for additional payments. Instead, PC security analysts strongly advise computer users to take preemptive measures and to backup all files, thus making their computers immune to these attacks completely.
The '.razy1337 File Extension' Ransomware and its many variants may be distributed using corrupted email messages. The '.razy1337 File Extension' Ransomware can affect computers running the Windows operating system and its attack is devastating. This is because the effects of the '.razy1337 File Extension' Ransomware attack remain on the victim's computer even after the '.razy1337 File Extension' Ransomware has been removed with a reliable security program. This is why encryption ransomware Trojans have become so popular among ill-minded people; the effects last well after the attack and are, unfortunately, irreversible.
How the '.razy1337 File Extension' Ransomware Attack Works
The '.razy1337 File Extension' Ransomware attack is simple to understand: the '.razy1337 File Extension' Ransomware infiltrates the victim's computer, searches for certain file types, and then encrypts them with its encryption algorithm. The following are some of the file types that are targeted in the '.razy1337 File Extension' Ransomware attack:
.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt.
The encrypted files are marked with the extension '.razy1337,' making it easy to know which files have been affected by the attack. The '.razy1337 File Extension' Ransomware will display its ransom note in the form of text and HTML files dropped onto the victim's computer. The text of the '.razy1337 File Extension' Ransomware's ransom note reads as follows:
'You got infected by Razy
All your files have been encrypted with AES 128 bit and you need the key to decrypt your files!
To get the key you need to pay 0.5 bitcoins. If you don't have bitcoins you can but it at www.localbitcoins.com
When you bought bitcoins send me 0.5 to the address and leave your ID as message so we can identify you!
This window is your only chance to decrpyt your files, trying anything to get rid of me can destroy the encryption key.
You have 24 hours to buy the decryption key, after 24 hours your decryption key will be deleted and all your file will be deleted.'
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.