
Reha Ransomware

The Reha Ransomware is among the most recently uncovered file-encrypting Trojans. Once spotted and dissected, this threat revealed that it is a variant of the infamous STOP Ransomware. During 2019 the STOP Ransomware family claimed countless victims as it emerged as the most active ransomware family throughout the entire year. The Reha Ransomware would compromise a user's PC, lock all their files, and then present them with a ransom note asking for cash in return for a decryption key.

Propagation and Encryption

Malware researchers have not yet identified with any certainty the infection vector responsible for spreading the Reha Ransomware. Some speculate that the authors of the Reha Ransomware may be utilizing spam emails containing macro-laced attachments. It is also likely that the attackers may be using malvertising campaigns, pirated copies of popular applications, bogus software updates, and other tricks to propagate the Reha Ransomware. The Reha Ransomware is designed to target a wide range of filetypes, as this would increase the chances of the victim paying the demanded ransom fee. Once it infiltrates a system, the Reha Ransomware would begin locking the user's data with the help of an encryption algorithm. After the encryption process, the victim will notice that all their files' names have been changed. This is because the Reha Ransomware appends an additional extension, '.reha', to the names of all the affected files. For example, a file originally named 'Frosty-Morning.jpeg' will be renamed to 'Frosty-Morning.jpeg.reha' and will no longer be usable.

The Ransom Note

After completing the encryption process, the Reha Ransomware will proceed with the attack by dropping a ransom note on the user's desktop. The file containing the attackers' message is named '_readme.txt'. In the note, the authors of the Reha Ransomware outline several main points:

  • Users who contact the attackers within 72 hours of the attack taking place would have to pay $490.
  • Users who fail to contact the attackers within 72 hours of the attack taking place would have to pay $980.
  • Users need to contact the attackers via email - 'helpmanager@firemail.cc' and 'helpmanager@iran.ir'.

You should not cooperate with the cyber crooks that created the Reha Ransomware. Such shady actors tend to make promises they rarely keep, which means that even users who pay up are not likely to be provided with the decryption tool they need. Instead, you should consider downloading and installing a genuine anti-spyware application that will rid you of the Reha Ransomware for good.
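
As an added example (not part of the original article and not any vendor's code), the Python script below sweeps a directory tree for the indicators named above: the appended '.reha' extension and '_readme.txt' notes that carry either contact address. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the article above.
ENCRYPTED_SUFFIX = ".reha"
NOTE_NAME = "_readme.txt"
CONTACT_ADDRESSES = ("helpmanager@firemail.cc", "helpmanager@iran.ir")


def triage(root):
    """Walk root and report files and ransom notes matching the Reha indicators."""
    report = {"encrypted": [], "notes": [], "dirs_hit": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # The extension is appended, so stripping it gives the original name.
                original = name[: -len(ENCRYPTED_SUFFIX)]
                report["encrypted"].append((path, original))
                report["dirs_hit"].add(dirpath)
            elif lower == NOTE_NAME:
                try:
                    with open(path, "r", errors="replace") as fh:
                        text = fh.read(65536).lower()
                except OSError:
                    text = ""
                matched = [a for a in CONTACT_ADDRESSES if a in text]
                # A _readme.txt with no matching address is still listed for manual review.
                report["notes"].append((path, matched))
    return report


def build_sample_tree(root):
    """Constructed sample data: one renamed file, one clean file, one note."""
    os.makedirs(os.path.join(root, "Pictures"))
    for rel in ("Pictures/Frosty-Morning.jpeg.reha", "Pictures/untouched.png"):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"\x00" * 16)
    with open(os.path.join(root, NOTE_NAME), "w") as fh:
        fh.write("constructed note text, contact: helpmanager@firemail.cc\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(len(result["encrypted"]), "renamed files;", len(result["notes"]), "notes")
```

The list of affected directories in `dirs_hit` shows how far the renaming reached, which helps decide what to restore from backup.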
