REvil Ransomware Description
Cybersecurity researchers have recently spotted a new ransomware threat circulating on the Web. This data-encrypting Trojan is called REvil Ransomware and is also known as Sodinokibi Ransomware.
Infiltration and Encryption
Malware experts have not reached a consensus on the method used to propagate the REvil Ransomware. It is widely believed that its authors rely on some of the most common techniques for spreading file-locking Trojans: bogus application updates, infected pirated software downloaded from unofficial sources, and spam emails carrying malicious attachments. If the REvil Ransomware manages to penetrate a system, it begins the attack with a quick scan of the files present on the computer to locate the file types it was programmed to target. The encryption process is then triggered, and every targeted file is locked with a strong encryption algorithm whose decryption key is held only by the attackers. Upon locking a file, the REvil Ransomware appends an extension to its filename consisting of a random string that is generated uniquely for each victim, for example '.294l0jaf59'. This means that once a file originally named 'kitty-litter.jpg' goes through the REvil Ransomware's encryption process, its name is changed to 'kitty-litter.jpg.294l0jaf59'.
The Ransom Note
The next phase is the dropping of the ransom note. The REvil Ransomware's note is named after the victim's extension, so if we carry on with the example extension from earlier it would be called '294l0jaf59-HOW-TO-DECRYPT.txt'. Note that the sample quoted below was recovered from a different infection and therefore refers to the extension '686l0tek69'; both the extension and the victim ID at the end of the payment URLs differ from victim to victim, so neither should be treated as a fixed indicator of compromise. The note's filename pattern and the payment domains are the stable parts. The ransom message reads:
’--=== Welcome. Again. ===---
[+] Whats Happen? [+]
Your files are encrypted, and currently unavailable. You can check it: all files on you computer has expansion 686l0tek69.
By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).
[+] What guarantees? [+]
Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests.
To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee.
If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money.
[+] How to get access on website? [+]
You have two ways:
1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: hxxps://torproject.org/
b) Open our website: hxxp://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/913AED0B5FE1497D
2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: http://decryptor.top/913AED0B5FE1497D
Warning: secondary website can be blocked, thats why first variant much better and more available.
When you open our website, put the following data in the input form:
!!! DANGER !!!
DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data.
!!! !!! !!!
ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere.
!!! !!! !!!’
The attackers demand $2,500 in Bitcoin as the ransom fee; if the sum is not paid within 72 hours, it doubles to $5,000.
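The naming conventions described above (a per-victim random extension appended to each locked file, and a note named '&lt;extension&gt;-HOW-TO-DECRYPT.txt' that carries the victim-specific URLs) are enough to build a small triage script. The Python below is an added example written for this article, not code from the original page or from any vendor: it walks a directory tree, finds ransom notes by their filename pattern, derives the per-victim extension from the note's name, confirms which files carry that extension, and pulls the .onion and clearnet payment hosts plus the victim ID out of the note body. The 5 to 10 character bound on the extension is an assumption drawn from the page's example '294l0jaf59', not a documented REvil constant; the sample directory and the abridged note it contains are constructed here from the text quoted above.

```python
"""Triage helper for a suspected REvil/Sodinokibi infection.

Locates ransom notes named <ext>-HOW-TO-DECRYPT.txt, derives the per-victim
extension from the note's filename, lists the files that carry it, and
extracts the payment hosts and victim ID from the note body. The sample
tree it builds is constructed for demonstration only.
"""
import re
import tempfile
from pathlib import Path

# Note name as described on the page: "<ext>-HOW-TO-DECRYPT.txt".
# The 5-10 character bound is an assumption based on the page's example
# '294l0jaf59', not a documented REvil constant.
NOTE_NAME_RE = re.compile(r"^(?P<ext>[0-9a-z]{5,10})-HOW-TO-DECRYPT\.txt$")

# Payment URLs end in a hex victim ID. Accept both live (http) and defanged
# (hxxp) schemes so the parser works on notes lifted from disk and on notes
# copied out of reports. The torproject.org link has no hex path and is
# deliberately not matched.
URL_RE = re.compile(
    r"h(?:tt|xx)ps?://(?P<host>[a-z0-9.-]+)/(?P<id>[0-9A-Fa-f]{8,})\b",
    re.IGNORECASE,
)


def find_notes(root: Path) -> list[Path]:
    """Return every file under root whose name matches the note pattern."""
    return sorted(p for p in root.rglob("*")
                  if p.is_file() and NOTE_NAME_RE.match(p.name))


def parse_note(note: Path) -> dict:
    """Extract the victim extension, payment hosts and victim ID from a note."""
    ext = NOTE_NAME_RE.match(note.name).group("ext")
    body = note.read_text(encoding="utf-8", errors="replace")
    onion_hosts, clearnet_hosts, victim_ids = [], [], set()
    for m in URL_RE.finditer(body):
        host = m.group("host").lower()
        (onion_hosts if host.endswith(".onion") else clearnet_hosts).append(host)
        victim_ids.add(m.group("id"))
    return {
        "note": note,
        "extension": ext,
        "onion_hosts": onion_hosts,
        "clearnet_hosts": clearnet_hosts,
        "victim_ids": sorted(victim_ids),
    }


def find_encrypted_files(root: Path, ext: str) -> list[Path]:
    """Return files under root whose name ends with the victim extension."""
    suffix = "." + ext
    return sorted(p for p in root.rglob("*")
                  if p.is_file() and p.name.endswith(suffix))


def triage(root: Path) -> list[dict]:
    """For each note found, attach the list of files locked with its extension."""
    results = []
    for note in find_notes(root):
        info = parse_note(note)
        info["encrypted_files"] = find_encrypted_files(root, info["extension"])
        results.append(info)
    return results


# Constructed sample note: an abridged copy of the note quoted on the page,
# with the defanged URLs exactly as the page prints them and the extension
# aligned with the constructed file names below.
SAMPLE_NOTE = """---=== Welcome. Again. ===---
[+] Whats Happen? [+]
Your files are encrypted, and currently unavailable. You can check it: all files on you computer has expansion 294l0jaf59.
[+] How to get access on website? [+]
a) Download and install TOR browser from this site: hxxps://torproject.org/
b) Open our website: hxxp://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/913AED0B5FE1497D
b) Open our secondary website: http://decryptor.top/913AED0B5FE1497D
"""


def build_sample_tree(root: Path, ext: str = "294l0jaf59") -> None:
    """Create a constructed post-infection directory: two locked files,
    one untouched file, and the ransom note named after the extension."""
    (root / "pictures").mkdir(parents=True, exist_ok=True)
    (root / "pictures" / f"kitty-litter.jpg.{ext}").write_bytes(b"\x00" * 32)
    (root / f"report.docx.{ext}").write_bytes(b"\x00" * 32)
    (root / "untouched.txt").write_text("still readable\n")
    (root / f"{ext}-HOW-TO-DECRYPT.txt").write_text(SAMPLE_NOTE)


def run_demo() -> list[dict]:
    """Build the constructed tree in a temp directory and triage it."""
    root = Path(tempfile.mkdtemp(prefix="revil-triage-"))
    build_sample_tree(root)
    return triage(root)


if __name__ == "__main__":
    for r in run_demo():
        print(f"note: {r['note'].name}")
        print(f"  per-victim extension: .{r['extension']}")
        print(f"  onion hosts: {r['onion_hosts']}")
        print(f"  clearnet hosts: {r['clearnet_hosts']}")
        print(f"  victim ids: {r['victim_ids']}")
        print(f"  encrypted files ({len(r['encrypted_files'])}):")
        for p in r["encrypted_files"]:
            print(f"    {p.name}")
```

Run it on a real share by replacing the constructed tree with the mount point, for example `triage(Path("/mnt/victim"))`. Keying detection on the note's filename pattern rather than on a specific extension is the design choice that matters here: the extension changes with every victim, while the '-HOW-TO-DECRYPT.txt' suffix and the payment hosts do not.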
The sum demanded by the authors of the REvil Ransomware is substantial, and we strongly advise against paying or giving in to any demands made by the cybercriminals behind this data-locking Trojan: payment funds further attacks and carries no guarantee that a working decryptor will be delivered. A wiser course is to keep regularly tested offline backups, which are the only reliable way to restore files encrypted with a key you do not hold, and to install a reputable anti-virus software suite that can keep the system protected from threats like the REvil Ransomware.