Threat Database Ransomware Reetner Ransomware

Reetner Ransomware

By GoldSparrow in Ransomware

The Reetner Ransomware is a ransomware Trojan used to demand ransom payments from its victims. Ransomware Trojans like the Reetner Ransomware will take the victims' computers hostage in a variety of ways, ranging from encryption to simply blocking access with a lock screen. They do this so that they can then extort the victims, who may be desperate to recover their data. Malware researchers advise computer users to take precautions against threats like the Reetner Ransomware, such as installing a reliable security program and having file backups in case it is necessary to recover compromised files.

Good News: The Reetner Ransomware may not Encrypt the Victim's Files

The Reetner Ransomware displays ransom notes on the infected computer but, in its current form, does not seem to encrypt the victims' files. The Reetner Ransomware was first observed towards the end of June of 2017 being distributed using spam email messages and corrupted files associated with software for taking notes. Malware analysts suspect that the version of the Reetner Ransomware analyzed by security researchers is still under development and unfinished. It is likely that an encryption engine will be added to the current version of the Reetner Ransomware to turn it into a full-fledged ransomware attack. Malware researchers first observed the Reetner Ransomware submitted to online anti-virus engines. This is a common method used by con artists to test new threat creations, to find out whether they are capable of evading detection with current anti-virus technology.

The Versatile Content Displayed by the Reetner Ransomware

It is likely that the Reetner Ransomware will carry out a variant of the HiddenTear attack, an open source ransomware engine that was first released in 2015. This is because the Reetner Ransomware has many similarities with several other HiddenTear variants also released in Summer of 2017. The Reetner Ransomware runs as 'Noter.exe' on the infected computer and, during its attack, will change the infected computer's desktop wallpaper image. Content associated with the Reetner Ransomware appears in multiple languages, including English, Spanish and Italian. During its attack, the Reetner Ransomware will not change the affected files' names or add a new extension (common in these kinds of attacks).

The Reetner Ransomware's Ransom Note and Ransom Demand

The Reetner Ransomware will drop a file named 'note.html' or 'Unlock_Mu_Files' on the infected computer. There are several ransom notes associated with the Reetner Ransomware and its variants. The following is on of the messages associated with the Reetner Ransomware:

Why I can't open my files?
All your important files were protected with a strong military-grade encryption algorithm (AES256 + RSA4096). More info here:
What can I do?
In the following computers, there is a file named C:\note.html with more detailed instructions to recover your files. Contact the administrators at your institution as soon as possible.'

However, the file mentioned in the Reetner Ransomware ransom note does not contain contact information or a way to make a ransom payment. This may happen because the Reetner Ransomware is unfinished currently or is simply not configured in its current state. In its final state, the Reetner Ransomware may demand a ransom payment between $500 and $1500 USD in exchange for a decryption program required to recover any files encrypted in the attack.

Dealing with the Reetner Ransomware Infection

In its current state, the Reetner Ransomware does not make any changes to the victim's files or take the victim's files hostage in any way. Because of this, there is no reason to pay the Reetner Ransomware's ransom. However, even if the Reetner Ransomware ends up being released in a functional version, PC security researchers still advise computer users to refrain from making the Reetner Ransomware payment. Instead, the files should be recovered from a backup, and a security program should be used to remove the Reetner Ransomware infection completely.

SpyHunter Detects & Remove Reetner Ransomware

File System Details

Reetner Ransomware may create the following file(s):
# File Name MD5 Detections
1. Noter.exe a136cbb34942575feb5949c32086aa99 0


Most Viewed