The Rezuc Ransomware is a data-locking Trojan that cybersecurity researchers spotted recently. Analysis by experts showed that the Rezuc Ransomware is part of the vast STOP Ransomware family.
Despite studying this threat, malware experts cannot confirm how it is being propagated. However, it is likely that the authors rely on the tried and tested methods of spam email campaigns, bogus updates and corrupted pirated data. When the Rezuc Ransomware lands on a system, it runs a scan to locate the file types that this file-encrypting Trojan is meant to go after. Once the scan completes, the Rezuc Ransomware begins encrypting the targeted data. Files that go through the Rezuc Ransomware's encryption process have their names altered: the Rezuc Ransomware adds its '.rezuc' extension to the end of the filename of every file it locks. For example, a picture initially called 'dusk.jpeg' would be renamed to 'dusk.jpeg.rezuc' after the attack is completed.
The next step is to drop the ransom note. The Rezuc Ransomware's ransom note is called '_readme.txt'. The attackers begin the note with an attention-grabbing 'ATTENTION!' in all caps and then claim that all the locked files are retrievable. The ransom fee that the creators of the Rezuc Ransomware demand is $980. However, they claim that a victim who gets in touch with them and pays within 72 hours will receive a 50% discount on the initial price. The attackers also offer to decrypt one file free of charge so that the victims have a 'guarantee' that they have the decryption key. The user is told to contact the attackers at one of the two email addresses provided: firstname.lastname@example.org and email@example.com. Alternatively, they can get in touch with the authors of this threat on Telegram at '@datarestore'.
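The two on-disk traces described above (the '.rezuc' suffix and a '_readme.txt' note opening with 'ATTENTION!') are enough to scope which folders were hit. The following triage script is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration.

```python
import tempfile
from pathlib import Path

EXT = ".rezuc"               # extension appended to locked files (from the article)
NOTE_NAME = "_readme.txt"    # ransom note file name (from the article)
NOTE_MARKER = "ATTENTION!"   # opening word of the note (from the article)

def is_ransom_note(path):
    """Name must match and the text must open with the marker, so a benign _readme.txt is skipped."""
    if path.name != NOTE_NAME:
        return False
    try:
        with path.open("r", errors="replace") as fh:
            return fh.read(256).lstrip().startswith(NOTE_MARKER)
    except OSError:
        return False

def triage(root):
    """Walk root; map each locked file to its original name and list confirmed ransom notes."""
    locked, notes = {}, []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        if path.name.lower().endswith(EXT) and len(path.name) > len(EXT):
            locked[str(path)] = path.name[: -len(EXT)]   # dusk.jpeg.rezuc -> dusk.jpeg
        elif is_ransom_note(path):
            notes.append(str(path))
    return {"locked": locked, "notes": notes}

def build_sample_tree(root):
    """Constructed sample data: two locked files, one ransom note, one benign _readme.txt."""
    layout = {
        "Pictures/dusk.jpeg.rezuc": "\x00" * 16,
        "Pictures/_readme.txt": "ATTENTION!\n(constructed note body)\n",
        "Docs/report.docx.rezuc": "\x00" * 16,
        "Docs/notes.txt": "untouched\n",
        "Project/_readme.txt": "Build instructions\n",
    }
    for rel, text in layout.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = triage(tmp)
        for full, original in report["locked"].items():
            print("locked:", full, "->", original)
        for note in report["notes"]:
            print("note:  ", note)
```

The script only reads file names and the first bytes of candidate notes, so it can be run against a mounted copy of an affected disk without modifying it.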
It is never a good call to contact cyber crooks because they are likely to trick you into giving them money without providing what they have promised. Instead, make sure you download and install a legitimate anti-spyware tool, which would keep you safe from pests like this one.