Threat Database Ransomware Roga Ransomware

Roga Ransomware

By GoldSparrow in Ransomware

The Roga Ransomware is a low-level ransomware Trojan that is used to force computer users to pay money. To force computer users to do this, the Roga Ransomware will take the victim's files hostage, blocking computer users from gaining access to their computers. The Roga Ransomware is not a sophisticated threat and is the clear successor of the Free-Freedom Ransomware, a ransomware threat released only a short time before. In its ransom note, the creator of this ransomware Trojan claims to be 13 years old, a possibility that is not unlikely given the level of sophistication of this threat. However, for inexperienced computer users, the Roga Ransomware can be more than an annoyance, preventing them from using their computers entirely.

Roga and the Free_Freedom Ransomware Was Created by the Same Person Apparently

The supposed 13 years old responsible for Roga Ransomware was also responsible for the Free-Freedom ransomware and, although there are numerous aspects about the Roga Ransomware and this previous threat that are identical, there are some clear differences in the attack. Like its predecessor, the Roga Ransomware claims that the victim must visit a public Web page for instructions on how to recover access to the affected files. The use of a public payment website is already an important difference between the Roga Ransomware and more advanced threats since law enforcement can simply block access to the website and track down its creator easily. This is why most ransomware Trojans and similar threats use payment websites on the Dark Web, accessed using the TOR browser. The Roga Ransomware, demands the payment of $30 USD using Google Play Store Gift Cards, rather than more anonymous methods such as BitCoins or payment services such as MoneyPak. The victim is instructed to enter the gift card number into the payment website.

Some of the Differences Between the Roga and the Free-Freedom Ransomware

Considering that the passwords of the Roga Ransomware and its predecessors reference the name 'adam,' it is not unreasonable to conclude that the creator of Roga Ransomware is named Adam. The following are some of the characteristics of the Roga Ransomware:

  1. The Roga Ransomware does not use an encryption algorithm to make the victim's files inaccessible. However, unlike its predecessor, the Roga Ransomware does change the affected files' extensions, replacing it with '.madebyadam' and making the file unreadable until the modified file extension is removed. This is not a difficult process, but it may be tricky for inexperienced computer users.
  2. The Roga Ransomware's password is hard coded into the threat's code. In this case, the password is 'adamdude9.' Entering this password into the lock screen (without the quotation marks) will remove the lock screen and return access to the infected computer.
  3. When computer users click on the button marked 'Decrypt my Files' contained in the Roga Ransomware lock screen, nothing happens, even when the correct unlock code is entered. Because of this, it will be necessary for victims of the Roga Ransomware attack to restore all of the files' extensions manually, a laborious and irritating process.

The Roga Ransomware's new lock screen claims that all of the victim's files, pictures, music, and documents were encrypted, clearly attempting to trick computer users that their computers were attacked by an encryption ransomware Trojan. The Roga Ransomware does not have the capability to encrypt files, a feature of more sophisticated ransomware Trojans. The Roga Ransomware does two things:

  • The Roga Ransomware blocks access to the victim's Desktop through the use of a lock screen.
  • The Roga Ransomware changes the extension of all of the victim's files.

Dealing with the Roga Ransomware

Fortunately, simply entering the password mentioned above will remove the Roga Ransomware lock screen and return access to the infected computer's Desktop. PC security researchers strongly advise computer users to use a strong, reliable security program that is fully up-to-date to remove the Roga Ransomware completely. Unfortunately, file extensions will have to be restored manually.

Related Posts


Most Viewed