The Rightsor Ransomware is an encryption ransomware Trojan that was first observed in the first week of September 2018. The Rightsor Ransomware does not seem to be a variant of any previously known ransomware Trojan and was developed independently. The Rightsor Ransomware receives its name because the criminals demand payment through the email address 'firstname.lastname@example.org'.
How the Rightsor Ransomware Infects a Computer
The Rightsor Ransomware targets user-generated files, encrypting them with AES to make their contents inaccessible and, in effect, taking the victim's files hostage. The Rightsor Ransomware adds the file extension '.rcrypted' to each file it compromises in its attack. Ransomware Trojans like the Rightsor Ransomware target the file types listed below:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
The Rightsor Ransomware delivers a ransom note in the form of a text file named 'README.PLEASE.txt,' which is dropped on the infected computer's desktop. The Rightsor Ransomware ransom note's entire text reads:
'Your business is under serious threat!
There exists a significant risk of a data breach at the security of your company.
We've easily pentested your work network.
You should thank Allah for being approached by the security experts and not some kids.
They could have encrypted all your data just for fun!
Now all your files are encrypted with the strongest algorithms of AES256.
No one can have it decrypted without our genuine decoder.
Attempts to use the commonly available decrypting software can lead to the complete loss of data.
If you prefer to have your files restored please write to this email (contacts are at the bottom of the sheet),
and attach 2-3 encrypted files (files does not have to contain any valuable information)
You will receive decrypted samples and our conditions on how to get the decoder to have your data restored.
Please write the name of your company in the subject of your e-mail.
You will have to pay for our decryptor in Bitcoins (BTC)
The final price depends on how fast you will get in touch with us.
For every additional day the payment would be delayed we add a motivational 0.5 btc as punishment.
Nothing personal, ladies and gentelmen, it is just business.
As soon as we get the Bitcoins you will get the decrypting software.
Also we will provide free recommendations on how you can patch the security hole in your network.
Please do not rename the encrypted files! (It can complicate the recovery)
Decryptor price is 30 BTC
Contact email: email@example.com
BTC wallet: 1Ff4ZxANNtDuvL5Y95aGukJs3dgnuSrfTv'
Dealing with the Rightsor Ransomware
Computer users are discouraged from paying the Rightsor Ransomware ransom. To be prepared to nullify the effects of the Rightsor Ransomware and similar threats, they must have file backups and a reliable, up-to-date security program to prevent the Rightsor Ransomware from carrying out its attack.
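As an added example (not part of the original article or of any vendor tool), the following read-only Python script scopes an infection using the two file-system indicators named above: the '.rcrypted' extension and the 'README.PLEASE.txt' note. It assumes the extension is appended to the full original file name; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".rcrypted"     # extension reported on this page
RANSOM_NOTE = "readme.please.txt"  # note name from this page, lower-cased for matching


def triage(root):
    """Read-only walk of `root` that summarises the two file-system indicators."""
    encrypted, notes, untouched = [], [], 0
    original_types = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            rel = str(Path(dirpath, name).relative_to(root))
            if lower.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(rel)
                # Assumption: the suffix is appended to the full original name,
                # so stripping it exposes the original file type.
                original = lower[: -len(ENCRYPTED_SUFFIX)]
                original_types[Path(original).suffix or "(none)"] += 1
            elif lower == RANSOM_NOTE:
                notes.append(rel)
            else:
                untouched += 1
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "untouched": untouched,
        "original_types": dict(original_types),
    }


def demo():
    """Build a constructed sample tree (empty files) and triage it."""
    sample = ["Desktop/README.PLEASE.txt", "Docs/budget.xlsx.rcrypted",
              "Docs/plan.docx.rcrypted", "Docs/notes.DOCX.RCRYPTED",
              "Docs/todo.txt", "Pics/logo.png"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.touch()
        return triage(root)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Pointing `triage()` at a mounted copy of an affected volume gives the count of encrypted files per original type, which helps decide which backups need to be restored first.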