Rezm Ransomware

Rezm ransomware is the latest in a long line of ransomware known as STOP/DJVU Ransomware. Much like the previous versions of STOP, Rezm infects a computer, often without the user knowing, and encrypts the data on that computer. It encrypts the data using a multi-stage algorithm that makes it practically inaccessible.

In some advanced infections, Rezm is able to delete any shadow copies of files to make it even more difficult for a user to restore their original files. Rezm is as dangerous as any other kind of malware or ransomware and should be removed as soon as possible.

When Did Rezm Appear?

Rezm is a relatively new threat among the ransomware outbreaks of 2020. It was first noticed in early March 2020. It only took a few days for the virus to spread across the internet and infect computers around the world. While it was aimed at English-speaking users, it managed to have a global reach and affect many people.

Like other kinds of well-known ransomware, Rezm changes the extension of each file as it encrypts it. In this case, files are renamed with the .rezm extension and can’t be used as they were before. Please note that attempting to rename the files will do no good as the virus prevents that.

Last but not least, the ransomware drops a ransom note in infected folders and on the desktop of the computer. This ransom note, titled "_readme.txt", contains the following message:


[Image: Rezm ransom note]
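A triage sketch built from the two indicators described above (the .rezm extension and the _readme.txt note), added here as an example and not part of the original article: it walks a directory tree to scope which folders are affected. The function names, sample tree and timestamps are constructed, and treating a renamed file's modification time as the time it was encrypted is an assumption.

```python
import os
import tempfile

ENCRYPTED_EXT = ".rezm"    # extension this page says Rezm appends
NOTE_NAME = "_readme.txt"  # ransom note filename given on this page

def scan_tree(root):
    """Return per-directory findings for folders showing either indicator."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        renamed = sorted(f for f in files if f.lower().endswith(ENCRYPTED_EXT))
        has_note = any(f.lower() == NOTE_NAME for f in files)
        if renamed or has_note:
            mtimes = [os.path.getmtime(os.path.join(dirpath, f)) for f in renamed]
            findings[os.path.relpath(dirpath, root)] = {
                "renamed": renamed, "note": has_note, "mtimes": mtimes}
    return findings

def summarize(findings):
    """Totals plus the modification-time window of the renamed files."""
    all_mtimes = [t for f in findings.values() for t in f["mtimes"]]
    return {
        "affected_dirs": sorted(findings),
        "renamed_files": len(all_mtimes),
        "dirs_with_note": sorted(d for d, f in findings.items() if f["note"]),
        # Assumption: mtime of a renamed file approximates when it was rewritten.
        "first_seen": min(all_mtimes) if all_mtimes else None,
        "last_seen": max(all_mtimes) if all_mtimes else None,
    }

def build_sample_tree(root):
    """Constructed sample data: two affected folders and one clean one."""
    layout = {
        "Documents": {"report.docx.rezm": 1583500000, "_readme.txt": 1583500100},
        "Pictures": {"cat.jpg.REZM": 1583500200, "dog.jpg": 1500000000},
        "Clean": {"notes.txt": 1500000000},
    }
    for folder, files in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name, mtime in files.items():
            path = os.path.join(root, folder, name)
            with open(path, "wb") as fh:
                fh.write(b"constructed sample")
            os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(scan_tree(tmp)))
```

Folders that contain renamed files but no note, or a note but no renamed files, are worth a closer look when scoping the incident.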

How does Rezm Ransomware Infect Computers?

Rezm is distributed via spam emails much like other viruses. The message contains an infected attachment that users are urged to download. It can also come packaged into malicious programs and exploit vulnerabilities in operating systems.

The main way that the virus spreads is through spam sent out by cyber-criminals. The email looks like it comes from a legitimate source, such as DHL. A common tactic seen with Rezm is to trick people into thinking that the email comes from a shipping company. The message says that the reader missed a package, or it notifies the user of a shipment they have made. When the recipient opens the link or downloads the file to learn more, their computer is infected.

Rezm ransomware has also been seen to attack computers by exploiting vulnerabilities in operating systems and software programs. This is why it’s always so important to keep programs and computers updated.

2 Comments

Is there any way to decrypt the infected files, or not yet?

Unfortunately, there is not any software or method to decrypt the files. However, you can still remove the ransomware infection, which will stop the threat from encrypting additional files.
