
REVRAC (Makop) Ransomware

The danger posed by ransomware is greater than ever. With data breaches and malware attacks making headlines regularly, it's critical that users remain vigilant and adopt strong cybersecurity practices. Among the latest threats circulating is a newly identified variant of the REVRAC ransomware, a sophisticated and highly damaging strain that belongs to the Makop ransomware family. This analysis dives into the workings of this threat, its infection methods, and the most effective ways to defend against it.

A Familiar Name with a Dangerous Twist

Although ransomware carrying the REVRAC name has been seen before, the current variant is a new build that has been attributed to the Makop ransomware family, a long-running strain known for its file-renaming scheme and e-mail-based extortion. Once executed on a target system, REVRAC begins encrypting the user's files, including documents, images, databases, and other valuable data.

The encrypted files are renamed following the Makop family's distinct pattern: the original filename is kept and extended with the victim's unique ID in square brackets, the attackers' contact e-mail address in square brackets, and the '.REVRAC' extension. For instance, a file named '1.png' becomes '1.png.[2AF20FA3].[OnlyBuy@cyberfear.com].REVRAC'. The ID is per victim and is the value the attackers later ask for in the subject line of the ransom e-mail, so it is the one field worth recording during triage.

In addition to locking files, the ransomware changes the system's desktop wallpaper and drops a ransom note named '+README-WARNING+.txt' alongside the encrypted files. This note outlines the attackers' demands and warns against using third-party tools or renaming files, threatening permanent data loss or a higher price. The extension and note name are useful indicators for detection rules, but they carry no information that helps with decryption.
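As an added example for responders (this is not part of the original threat entry and not code from the malware), the following Python script parses the naming pattern described above so the victim ID, contact address and extension can be pulled out of a file listing and the ransom note's location confirmed. The accepted ID width (6 to 16 hex characters) is an assumption generalised from the single sample name on this page, and the file listing is constructed for illustration:

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Makop-style rename: <original name>.[<victim ID>].[<contact e-mail>].<EXT>
# The ID width (6-16 hex chars) is assumed from the page's one sample,
# '[2AF20FA3]'; widen it if other samples differ.
MAKOP_NAME_RE = re.compile(
    r"^(?P<original>.+?)"
    r"\.\[(?P<victim_id>[0-9A-Fa-f]{6,16})\]"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]"
    r"\.(?P<ext>[A-Za-z0-9]+)$"
)
RANSOM_NOTE_NAME = "+README-WARNING+.txt"


def parse_encrypted_name(name: str):
    """Split a Makop-style file name into its parts, or return None.

    The lazy 'original' group lets names that themselves contain '.['
    (e.g. 'report.[draft].docx') still parse correctly via backtracking.
    """
    m = MAKOP_NAME_RE.match(name)
    return m.groupdict() if m else None


def triage(paths):
    """Summarise a list of file paths collected from an affected host."""
    encrypted = []
    note_dirs = set()
    for p in paths:
        path = PureWindowsPath(p)  # sample paths are Windows paths
        if path.name == RANSOM_NOTE_NAME:
            note_dirs.add(str(path.parent))
            continue
        parsed = parse_encrypted_name(path.name)
        if parsed:
            parsed["path"] = str(path)
            encrypted.append(parsed)
    ids = Counter(e["victim_id"] for e in encrypted)
    return {
        "encrypted_count": len(encrypted),
        "victim_ids": dict(ids),
        "contact_emails": dict(Counter(e["email"] for e in encrypted)),
        "extensions": dict(Counter(e["ext"] for e in encrypted)),
        "ransom_note_dirs": sorted(note_dirs),
        # The note implies one ID per host; more than one usually means files
        # were copied in from another victim or the malware ran more than once.
        "single_victim_id": len(ids) == 1,
        "originals": [e["original"] for e in encrypted],
    }


# Constructed sample listing (not from a real incident). It reuses the
# page's sample file name and contact address; the other paths are made up.
SAMPLE_LISTING = [
    r"C:\Users\alice\Pictures\1.png.[2AF20FA3].[OnlyBuy@cyberfear.com].REVRAC",
    r"C:\Users\alice\Documents\budget.xlsx.[2AF20FA3].[OnlyBuy@cyberfear.com].REVRAC",
    r"C:\Users\alice\Documents\+README-WARNING+.txt",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Windows\System32\ntoskrnl.exe",
]

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LISTING), indent=2))
```

A real listing would come from something like `dir /s /b` on the affected host; feed each line to `triage`. The bracket pattern alone can in principle match an unrelated file, so cross-check the reported extensions against the one this entry names before acting on the summary.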

The Ransom Note: Extortion by Design

The ransom message left behind by REVRAC aims to coerce victims into compliance through fear and urgency. It tells users that their files cannot be restored without a private key that only the attackers hold. Victims are instructed to write to 'OnlyBuy@cyberfear.com' and to put the personal ID shown in the file names in the subject line; as a proof of capability, the note also offers to decrypt one file of under 1 MB for free via 'TechSupport@cyberfear.com', provided it contains nothing of value. The note stresses that renaming files or running third-party decryption tools could lead to irreversible data loss or a higher price.

Despite these claims, cybersecurity experts strongly advise against paying the ransom. There is no guarantee that paying will result in file recovery, and doing so only fuels further criminal activity.

How REVRAC Infects Systems

The REVRAC ransomware spreads through a variety of deceptive and malicious tactics. Common infection vectors include:

Fake Software Installers: Malware disguised as cracked programs, key generators, or unauthorized activation tools.

Phishing Emails: Messages that trick users into downloading malicious attachments or clicking dangerous links.

Compromised Websites and Ads: Legitimate-looking websites or advertisements that secretly install malware.

Removable Media and Network Propagation: Infections that spread via USB drives or laterally across connected systems.

Exploiting Software Vulnerabilities: Using unpatched bugs in legitimate software to gain access and execute the ransomware payload.

The malware is often embedded in file formats such as executable (.exe), document (.docx, .xls), script (.js, .vbs), or archive (.zip, .rar) files.

Best Practices to Prevent Ransomware Infections

To defend against threats like REVRAC, users must adopt a layered and proactive cybersecurity approach. Some of the most effective security practices include:

  • Keep all operating systems, applications, and security tools fully updated.
  • Use a reputable antivirus or anti-malware solution with real-time protection.
  • Disable macros in Microsoft Office files from unknown sources.
  • Maintain regular backups on storage that the infected machine cannot reach (offline or otherwise isolated), and test that they restore.
  • Train users to treat unexpected attachments, links, and cracked software or key generators as likely delivery vehicles.

Conclusion: Stay Vigilant, Stay Protected

The REVRAC ransomware is a potent example of how ransomware continues to evolve, becoming more targeted and damaging. Its affiliation with the Makop family highlights its potential for serious harm. However, with the right precautions, from software hygiene to user education and backup routines, individuals and organizations alike can protect their data and systems from falling into the hands of cybercriminals. Prevention remains the most powerful tool against ransomware.

Messages

The following messages associated with REVRAC (Makop) Ransomware were found:

YOUR FILES ARE ENCRYPTED

Your files, documents, photos, databases and other important files are encrypted.

You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.
Only we can give you this key and only we can recover your files.

To be sure we have the decryptor and it works you can send an email: TechSupport@cyberfear.com and decrypt one file for free.

Before paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets,sql. etc.)

Do you really want to restore your files?
Write to email: OnlyBuy@cyberfear.com

Your personal ID is indicated in the names of the files and in the end of this message, before writing a message by email - indicate the name of the ID indicated in the files IN THE SUBJECT OF THE EMAIL

Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

YOUR ID:
