The Resgateseup Ransomware is a file-locking Trojan that blocks Windows users' files and generates Portuguese-language ransom demands. Unusual behavior also includes the lack of an added extension (which most Trojans of this type use) and creating a Command Prompt pop-up with ASCII art. Users should always have backups on other devices for restoring anything the Trojan locks and cyber-security tools for deleting the Resgateseup Ransomware.
Childish Artwork Becomes a Warning of Extortion
Due to its thriving threat landscape, Brazil is a recurring reference point for threat actors' campaigns, including those of file-locking Trojans. What could be a new player in that area, the Resgateseup Ransomware, shows traits of targeting home users with a childish but deadly payload. The Resgateseup Ransomware, whose name roughly translates to 'redemption,' is one of many Trojans that anticipate Portuguese-speaking victims.
A telltale sign of the Resgateseup Ransomware's low professionalism lies in the sheer size of its executable file: over five megabytes, whereas most Trojans of this kind are under one. However, the Trojan includes a fully working file-locking feature: a data encryption routine that converts media such as documents, images, movies, or audio into formats that no longer open. The Resgateseup Ransomware also omits the usual addition of an extension to the files' names, so users may need to open each file individually to sort the locked ones from the working ones.
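Because no extension marks the locked files, triage has to look at content instead of names. The following is an added example, not part of the original article or taken from any analysis of this Trojan: it flags files whose leading bytes no longer match the signature expected for their extension and whose sampled entropy is high. The signature table, the 7.0 bits-per-byte threshold, and the assumption that the encrypted output overwrites the original header are all illustrative assumptions.

```python
import math, os, sys
from collections import Counter

# Expected leading bytes for a few common extensions (illustrative subset).
MAGIC = {
    ".pdf": [b"%PDF-"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"], ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".zip": [b"PK\x03\x04"], ".docx": [b"PK\x03\x04"], ".xlsx": [b"PK\x03\x04"],
}
ENTROPY_THRESHOLD = 7.0  # assumption: encrypted data sits close to 8 bits/byte

def entropy(data):
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(name, head):
    """Return 'ok', 'suspect', 'mismatch' or 'unknown' for a name and its leading bytes."""
    sigs = MAGIC.get(os.path.splitext(name)[1].lower())
    if sigs is None:
        return "unknown"            # no signature on record for this extension
    if any(head.startswith(s) for s in sigs):
        return "ok"                 # header still matches the extension
    # Wrong header: high entropy points to encryption, low entropy to a mislabeled file.
    return "suspect" if entropy(head) > ENTROPY_THRESHOLD else "mismatch"

def scan(root, sample=4096):
    """Walk root read-only and return sorted paths classified as 'suspect'."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            path = os.path.join(dirpath, f)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sample)
            except OSError:
                continue            # unreadable file: skip, do not abort the scan
            if classify(f, head) == "suspect":
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    for p in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(p)
```

Very small files may fall below the entropy threshold even when encrypted, so a 'mismatch' result on a file that should open is also worth a manual look.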
The Resgateseup Ransomware has a Portuguese-language ransom note that asks for roughly three hundred USD in Bitcoin, after which the attacker supposedly helps unlock the files. It also generates a pop-up Command Prompt window that displays text artwork of a 'lock' symbol. The latter is very different from traditional Trojans' uses for the Command Prompt, which involve the attacker supervising it (such as after gaining a backdoor into a network).
Redeeming One's Data a Better Way
Although paying a few hundred dollars tempts users who lose irreplaceable data, even cheap ransoms have massive drawbacks for those who pay. Malware experts highly advise against paying since criminals can take the money and run, corrupt the files with a buggy decryptor, or pass back fake 'unlocked' files that install other threats. Additionally, any payments encourage more development of already too-numerous Trojans with encryption features.
Malware researchers don't relate the Resgateseup Ransomware to other Trojans of this category, but its encryption's security is an unknown factor. Users should always have backups of any personal or valuable data on spare devices, including removable USB drives, cloud servers, etc. Restore Points and similar local backups are often, if not always, subject to erasure.
Windows cyber-security solutions can delete the Resgateseup Ransomware before any locking happens and prevent infections from most traditional sources. However, users should install threat database updates attentively, which improve these tools' accuracy against newfound threats.
The Resgateseup Ransomware isn't redeeming anything except for money in a hacker's wallet. A criminal's well-being shouldn't come at the expense of others' computer data, no matter how affordable it seems.