The RIP Ransomware is a ransomware Trojan that is being used to extort computer users. The RIP Ransomware is one of the many variants of the Hidden Tear project, a publicly available ransomware engine created for 'educational purposes' originally. Con artist adapted this freely available ransomware engine quickly to create numerous versions of this attack based entirely on the Hidden Tear engine. The RIP Ransomware is being distributed through a Trojan dropper that is sent to the victim's computer as an attachment in an email message. Once the Trojan dropper enters the victim's computer, it downloads and installs the RIP Ransomware. The RIP Ransomware carries out a typical ransomware attack. As soon as it is installed, it begins encrypting the victim's files, taking the victim's data hostage until the victim pays a ransom.
The RIP Ransomware Doesn't Let Your Files Have Peace
Like most encryption ransomware Trojans, the RIP Ransomware uses the RSA and AES encryptions to make the victim's files inaccessible. The RIP Ransomware is identical to the numerous other variants of Hidden Tear virtually. The RIP Ransomware searches the victim's computer for a variety of file types, typically targeting eBooks, videos, audio, databases, and a variety of Office documents. The RIP Ransomware will encrypt these files, essentially taking them hostage. Many other ransomware Trojans in the Hidden Tear family will encrypt the following file types on the victims' computers:
.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, ,DOC, .EPUB, .DOCX .FB2, .FLV, .GIF, .GZ, .ISO .IBOOKS,.JPEG, .JPG, .KEY, .MDB .MD2, .MDF, .MHT, .MOBI .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD,.WMV, .XLS, .XLSX, .XPS, .XML, .CKP, ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.
Files that have been encrypted by the RIP Ransomware will have their file extension changed to '.r.i.p,' making it simple to observe which files have been affected during the RIP Ransomware attack. The files will have been completely encrypted – simply changing the files' extensions will not restore their functionality. The RIP Ransomware will have taken the victim's files hostage until the victim agrees to pay a ransom, usually in BitCoin, an online currency introduced in 2009. PC security analysts, however, strongly advise against paying the RIP Ransomware ransom. The people responsible for the RIP Ransomware attack are not likely to keep their word and return the decryption key in exchange for the payment. They are just as likely to ask for more money or simply ignore the victim altogether after the payment has been carried out.
When It Comes to a Threat Like the RIP Ransomware, Prevention is the Best Defense
Computer users must ensure that they are well protected against ransomware attacks like the RIP Ransomware. They are becoming more common increasingly, and the effect can be devastating on computer users that are unprepared. This is mainly because the effects of the attack will remain even if the RIP Ransomware Trojan itself is removed with a reliable security program. The best protection against these threats is to have backups of all files. Having a well-maintained backup will make computer users invulnerable to the RIP Ransomware attack since they can simply restore the encrypted files from the backup rather than having to give in to the con artists' demands. The ransom demanded by the RIP Ransomware attack is usually close to 1 BitCoin (about $800 USD.) An external memory device or cloud storage will cost a tiny fraction of what it would cost to recover from an attack and should be a required investment for all computer users that cannot afford to risk their data.