Threat Database Ransomware Rijndael Ransomware

Rijndael Ransomware

By CagedTech in Ransomware

The Rijndael Ransomware is a ransomware Trojan. The Rijndael Ransomware is being distributed on coding forums disguised as a BitCoin miner. The Rijndael Ransomware may be contained in files named 'BitcoinMiner.exe' and 'r4ns0mw4r3.exe' and seems to be the work of a coder that goes by the online handle 'humanpuff69.' This coder has uploaded YouTube videos with information on how to create rogue security software and clones of CryptoWall, a known ransomware Trojan. It also is possible that the Rijndael Ransomware was created by a third party looking to implicate this person by using the same online handle in the Rijndael Ransomware's internal code.

The Good Name of an Advanced Encryption Standard Used for Bad Purposes

The Rijndael Ransomware represents a real threat to computer users. The Rijndael Ransomware uses the AES 256 encryption to make the victim's files inaccessible completely. The Rijndael Ransomware is able to carry out its attacks offline, not requiring a connection to a Command and Control server. The Rijndael Ransomware is designed to target computers running the Windows operating system and can affect both 32-bit and 64-bit versions of this operating system. Like most ransomware Trojans, the Rijndael Ransomware is designed to block all access to the victim's files by encrypting them using a strong encryption algorithm. The files affected by the Rijndael Ransomware will have the file extension '.fucked' added to the extremity of each file's name. The Rijndael Ransomware is capable of encrypting a wide variety of files, which may include the following file types:


How the Rijndael Ransomware Threatens Its Victims

The Rijndael Ransomware can connect to its Command and Control server using a hidden instance of the Internet Explorer with its security features turned off. The Rijndael Ransomware reports the attack to its Command and Control server and includes information about the compromised computer. The Rijndael Ransomware will display its ransom note on the victim's computer after encrypting the victim's files. To display its ransom note, the Rijndael Ransomware uses a program window that includes the message below:

'Deathnote Hackers Was Here !
Your Computer files is encrypted
all files is encrypted with extremely
powerfull new RIDNDAEL encryption
that no one can break except you have
a private string and IVs
To Decrypt Your File You Should Pay Me
0.5 BTC (864.98 USD)
Contact Me :
insert your code here:
[TEXT BOX] Decrypt!

Dealing with the Rijndael Ransomware

Although it may be impossible to recover the data that is encrypted by Trojans like the Rijndael Ransomware, the Rijndael Ransomware's decryption key is hard coded into its main executable file and have been able to recover it. Victims can enter the code '83KYG9NW-3K39V-2T3HJ-93F3Q-GT' into the text box included in the Rijndael Ransomware ransom message to restore their files. It is likely that the con artists will update the Rijndael Ransomware to remove this weakness, but for now, it is possible for computer users to recover their files from the attack. However, being able to recover from these attacks is rare. Because of this, computer users need to take precautionary measures. Although the decryption key for the Rijndael Ransomware is available, computer users may not be as lucky the next time. Recovering from a Rijndael Ransomware attack is as simple as having backup copies of your files or a disk image, preventing con artists from demanding ransom payments since computer users can recover the files themselves.


Most Viewed