Reha Ransomware

Reha Ransomware Description

The Reha Ransomware is among the most recently uncovered file-encrypting Trojans. When researchers dissected it, the threat turned out to be a variant of the infamous STOP Ransomware. During 2019, the STOP Ransomware family claimed countless victims and emerged as the most active ransomware family of the entire year. The Reha Ransomware compromises a user's PC, locks all their files, and then presents them with a ransom note asking for cash in return for a decryption key.

Propagation and Encryption

Malware researchers have not yet identified with any certainty the infection vector responsible for spreading the Reha Ransomware. Some speculate that the authors of the Reha Ransomware may be utilizing spam emails containing macro-laced attachments. It is also likely that the attackers may be using malvertising campaigns, pirated copies of popular applications, bogus software updates, and other tricks to propagate the Reha Ransomware.

The Reha Ransomware is designed to target a wide range of filetypes, as this increases the chances of the victim paying the demanded ransom fee. Once it infiltrates a system, the Reha Ransomware begins locking the user's data with the help of an encryption algorithm. After the encryption process, the victim will notice that all their files' names have been changed. This is because the Reha Ransomware appends an additional extension, '.reha', to the name of every affected file. For example, a file originally named 'Frosty-Morning.jpeg' will be renamed to 'Frosty-Morning.jpeg.reha' and will no longer be usable.

The Ransom Note

After completing the encryption process, the Reha Ransomware will proceed with the attack by dropping a ransom note on the user's desktop. The file containing the attackers' message is named '_readme.txt'. In the note, the authors of the Reha Ransomware outline several main points:

  • Users who contact the attackers within 72 hours of the attack taking place would have to pay $490.
  • Users who fail to contact the attackers within 72 hours of the attack taking place would have to pay $980.
  • Users need to contact the attackers via email - 'helpmanager@firemail.cc' and 'helpmanager@iran.ir'.

You should not cooperate with the cyber crooks that created the Reha Ransomware. Such shady actors tend to make promises they rarely keep, which means that even users who pay up are not likely to be provided with the decryption tool they need. Instead, you should consider downloading and installing a genuine anti-spyware application that will rid you of the Reha Ransomware for good.
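
The indicators described above (the appended '.reha' extension, the '_readme.txt' note, and the contact addresses it lists) can be used to triage a suspect file system. The following Python script is an added example, not code from this article or from any vendor tool; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

EXT = ".reha"              # extension appended to affected files (from the article)
NOTE_NAME = "_readme.txt"  # ransom note file name (from the article)
CONTACTS = ("helpmanager@firemail.cc", "helpmanager@iran.ir")  # from the article

def triage(root):
    """Walk root and report renamed files, candidate notes and affected directories."""
    report = {"encrypted": [], "notes": [], "dirs": {}}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower.endswith(EXT) and len(name) > len(EXT):
                # The original name is the file name with the appended extension stripped.
                report["encrypted"].append((str(path), name[:-len(EXT)]))
                report["dirs"][dirpath] = report["dirs"].get(dirpath, 0) + 1
            elif lower == NOTE_NAME:
                try:
                    text = path.read_text(errors="replace").lower()
                except OSError:
                    text = ""  # unreadable note: keep it as a name-only match
                # A note naming a listed contact address is a stronger indicator
                # than the file name alone, which a benign file could share.
                hits = [c for c in CONTACTS if c in text]
                report["notes"].append((str(path), hits))
    return report

def build_sample(root):
    """Create a constructed directory tree for the demo (not real malware output)."""
    pics = Path(root) / "Pictures"
    pics.mkdir()
    (pics / "Frosty-Morning.jpeg.reha").write_bytes(b"\x00" * 16)
    (pics / "untouched.png").write_bytes(b"\x89PNG")
    (Path(root) / NOTE_NAME).write_text("contact helpmanager@firemail.cc")  # constructed
    (Path(root) / "notes").mkdir()
    (Path(root) / "notes" / NOTE_NAME).write_text("my own notes")  # benign look-alike

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return triage(root)

if __name__ == "__main__":
    r = demo()
    print(len(r["encrypted"]), "renamed files;", len(r["notes"]), "candidate notes")
```

The per-directory counts in the report show how far the renaming spread, which helps decide which backups need to be restored.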
