The Ritzer Ransomware is not an entirely unique threat, as cybersecurity researchers have confirmed that it is a variant based on Chaos Ransomware. However, this fact doesn't make the consequences of being infected by Ritzer any less devastating. The threat is capable of scanning the infected system and encrypting a vast portion of the file types found there. Affected users will no longer be able to open any of their documents, images, photos, databases, archives and more.
To mark each locked file, the threat appends a new extension, '.ritzer', to the file's original name. After completing its encryption routine, the ransomware drops a ransom note with instructions from the threat actors. This ransom-demanding message is delivered to the infected system as a text file named 'read_it.txt'.
Reading the note reveals that the attackers demand a ransom in exchange for help restoring the locked data. The message doesn't reveal the exact amount that the cybercriminals are looking to extort from their victims, but it does state that only payments in Bitcoin will be accepted. The ransom note also tells Ritzer Ransomware's victims that they may send up to 3 encrypted files to supposedly be unlocked and returned for free. The chosen files can be sent to the email address of the threat's operators at 'firstname.lastname@example.org'.
The full text of Ritzer Ransomware's message is:
'Don't worry, you can return all your files!
All your files like documents, photos, databases and other important are encrypted
What guarantees do we give to you?
You can send 3 of your encrypted files and we decrypt it for free.
You must follow these steps To decrypt your files :
1) Write on our e-mail email@example.com( In case of no answer in 24 hours check your spam folder
or write us to this e-mail: firstname.lastname@example.org)
2) Obtain Bitcoin (You have to pay for decryption in Bitcoins.
After payment we will send you the tool that will decrypt all your files.)'
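For responders scoping an infection, the two file-system markers described above (the '.ritzer' extension and the 'read_it.txt' note) can be swept for directly. The following is an added example, not code from the original page or from any vendor tool; the function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile

ENCRYPTED_EXT = ".ritzer"    # extension appended to locked files (from the page)
RANSOM_NOTE = "read_it.txt"  # ransom note file name (from the page)

def triage(root):
    """Walk root; return locked files, ransom notes and earliest change time."""
    locked, notes, earliest = [], [], None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == RANSOM_NOTE:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                # Original name is whatever preceded the appended extension.
                locked.append((path, name[:-len(ENCRYPTED_EXT)]))
            else:
                continue
            try:
                mtime = os.path.getmtime(path)
            except OSError:
                continue  # file vanished or unreadable; keep the hit, skip timing
            earliest = mtime if earliest is None else min(earliest, mtime)
    return {"locked": locked, "notes": notes, "earliest_mtime": earliest}

def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    layout = {
        "docs": ["report.docx.ritzer", "budget.xlsx.RITZER", "read_it.txt"],
        "photos": ["cat.jpg", "dog.png.ritzer"],
        "clean": ["notes.txt", "ritzer-analysis.md"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for n in names:
            open(os.path.join(root, sub, n), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        for path, original in sorted(result["locked"]):
            print(f"locked: {path} (was {original})")
        for path in sorted(result["notes"]):
            print(f"note:   {path}")
```

The earliest modification time among the hits gives a lower bound for when encryption began, which helps when choosing a backup to restore from. A 'read_it.txt' on its own is a generic file name, so weigh it together with the extension matches.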