Threat Database Ransomware Rokku Ransomware

Rokku Ransomware

By CagedTech in Ransomware

The Rokku Ransomware is a ransomware Trojan that encrypts the victims' files and then changes their extension to .the Rokku. The Rokku Ransomware is a variant of TeslaCrypt, a ransomware Trojan that has been highly active since the release of its 3.0 version in late 2015. Computer users should take measures to protect their machines from threats and backup all important files. Files encrypted by the Rokku Ransomware cannot be recovered without access to the decryption key, which is held by the con artists until the ransom is paid. Maintaining a suitable backup of all files allows computer users to recover from a Rokku Ransomware attack by restoring their files from the backup after wiping the affected hard drive or removing the Rokku Ransomware itself.

How the Rokku Ransomware Carries out Its Attack

The Rokku Ransomware attack is relatively simple and similar to most popular encryption threats active today. The Rokku Ransomware may be delivered in the form of a corrupted email attachment. When computer users open these email attachments, the Rokku Ransomware will run in the background, gather information about the victim's computer, and be encrypting the victim's files. The Rokku Ransomware essentially searches for files that match extensions contained in its configuration settings. By only encrypting files with these kinds of extensions, the Rokku Ransomware makes the victim's data inaccessible, but the affected computer remains functional enough to display the Rokku Ransomware's ransom note. The following are some of the types of files that the Rokku Ransomware and similar encryption ransomware threats search for and target for encryption:

.7z; .rar; .m4a; .wma; .avi; .wmv; .csv; .d3dbsp; .sc2save; .sie; .sum; .ibank; .t13; .t12; .qdf; .gdb; .tax; .pkpass; .bc6; .bc7; .bkp; .qic; .bkf; .sidn; .sidd; .mddata; .itl; .itdb; .icxs; .hvpl; .hplg; .hkdb; .mdbackup; .syncdb; .gho; .cas; .svg; .map; .wmo; .itm; .sb; .fos; .mcgame; .vdf; .ztmp; .sis; .sid; .ncf; .menu; .layout; .dmp; .blob; .esm; .001; .vtf; .dazip; .fpk; .mlx; .kf; .iwd; .vpk; .tor; .psk; .rim; .w3x; .fsh; .ntl; .arch00; .lvl; .snx; .cfr; .ff; .vpp_pc; .lrf; .m2; .mcmeta; .vfs0; .mpqge; .kdb; .db0; .DayZProfile; .rofl; .hkx; .bar; .upk; .das; .iwi; .litemod; .asset; .forge; .ltx; .bsa; .apk; .re4; .sav; .lbf; .slm; .bik; .epk; .rgss3a; .pak; .big; .unity3d; .wotreplay; .xxx; .desc; .py; .m3u; .flv; .js; .css; .rb; .png; .jpeg; .txt; .p7c; .p7b; .p12; .pfx; .pem; .crt; .cer; .der; .x3f; .srw; .pef; .ptx; .r3d; .rw2; .rwl; .raw; .raf; .orf; .nrw; .mrwref; .mef; .erf; .kdc; .dcr; .cr2; .crw; .bay; .sr2; .srf; .arw; .3fr; .dng; .jpeg; .jpg; .cdr; .indd; .ai; .eps; .pdf; .pdd; .psd; .dbfv; .mdf; .wb2; .rtf; .wpd; .dxg; .xf; .dwg; .pst; .accdb; .mdb; .pptm; .pptx; .ppt; .xlk; .xlsb; .xlsm; .xlsx; .xls; .wps; .docm; .docx; .doc; .odb; .odc; .odm; .odp; .ods; .odt.

The Rokku Ransomware searches for files with the extensions listed above – new extensions may be added to the Rokku Ransomware's configuration settings in new updates – and then uses an AES encryption algorithm to encrypt them, essentially making them inaccessible to the computer user. The Rokku Ransomware then displays ransom notes that alert the victim's of the attack and demand the payment of several hundred dollars through BitCoins or similar anonymous channels. The following is a ransom note associated with encryption ransomware similar to the Rokku Ransomware:

Your documents, photos, databases and other important files have been encrypted with strongest encryption and unique key, generated for this computer. Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key. The server will eliminate the key after a time period specified in this window.
Open or or
in your browser. They are public gates to the secret server.
If you have problems with gates, use direct connection:
1) Download TOR Browser from
1) In the Tor Browser open the http://bs7aygotd2rnjl4o.onion

PC security researchers strongly advise computer users to avoid paying the Rokku Ransomware's ransom amount. Paying the ransom allows con artists to continue financing attacks like the Rokku Ransomware and besides giving them the incentive to continue creating these kinds of threats. Once computer users acquire a culture of backing up their files regularly, the effectiveness of these kinds of attacks will be reduced greatly reduced.

SpyHunter Detects & Remove Rokku Ransomware

File System Details

Rokku Ransomware may create the following file(s):
# File Name MD5 Detections
1. file.exe 97512f4617019c907cd0f88193039e7c 0


Most Viewed