
Rook Ransomware

The Rook Ransomware uses an uncrackable encryption algorithm to lock the files of its victims. Indeed, the threat will cause the majority of the files stored on the breached system to become unusable and inaccessible. Without getting the decryption key from the hackers, victims have little to no chance of getting their data back. Other examples of ransomware threats are Steriok, Robm and Rigj.

As part of its operation, the threat marks every locked file by modifying its original name. More specifically, each encrypted file has '.Rook' appended to its name as a new extension. The attackers leave a note with instructions inside a newly created text file named 'HowToRestoreYourFiles.txt'.
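As an added example (not code from the original write-up or from any vendor tool), the Python sketch below uses the two file-system indicators described above, the appended '.Rook' extension and the 'HowToRestoreYourFiles.txt' note, to scope which directories were hit and to list the pre-encryption file names to look for in backups. The function names and the sample directory tree are constructed for illustration, and the case-insensitive matching is an assumption.

```python
import os
import tempfile
from collections import Counter

ROOK_EXT = ".rook"                        # appended extension named in the write-up
NOTE_NAME = "howtorestoreyourfiles.txt"   # ransom note file name named in the write-up

def triage(root):
    """Scope the damage under root.

    Returns (encrypted_per_dir, note_dirs, original_names), paths relative to root.
    Matching is case-insensitive (assumption: the host file system may be too).
    """
    encrypted, note_dirs, originals = Counter(), set(), []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        rel = os.path.relpath(dirpath, root)
        for name in files:
            lower = name.lower()
            if lower == NOTE_NAME:
                note_dirs.add(rel)
            elif lower.endswith(ROOK_EXT) and len(name) > len(ROOK_EXT):
                encrypted[rel] += 1
                # Strip the appended extension to recover the pre-encryption
                # name, which is what a backup catalogue would list.
                original = name[:-len(ROOK_EXT)]
                originals.append(os.path.normpath(os.path.join(rel, original)))
    return encrypted, note_dirs, sorted(originals)

def demo():
    """Run triage over a constructed directory tree (sample data, not evidence)."""
    with tempfile.TemporaryDirectory() as root:
        layout = {
            "finance": ["q3.xlsx.Rook", "payroll.db.ROOK", "HowToRestoreYourFiles.txt"],
            "public": ["readme.txt", "rookery.png"],       # untouched look-alikes
            os.path.join("hr", "scans"): ["id.pdf.Rook"],  # encrypted, no note found
        }
        for sub, names in layout.items():
            os.makedirs(os.path.join(root, sub))
            for name in names:
                open(os.path.join(root, sub, name), "w").close()
        return triage(root)

if __name__ == "__main__":
    enc, notes, originals = demo()
    for d in sorted(enc):
        print(f"{d}: {enc[d]} encrypted, note present: {d in notes}")
    print("restore candidates:", originals)
```

Run it against a mounted, read-only copy of the affected volume rather than the live system, so that file timestamps needed for the incident timeline are preserved.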

Ransom Note's Overview

Victims of the Rook Ransomware will be left with a lengthy ransom-demanding message. The note clarifies that victims have three days to establish contact with the hackers. Within that period, they also will receive a 50% discount on the ransom demanded by the attackers.

However, after three days, sensitive private files collected from the compromised systems will be published on a dedicated leak website. Each day more files will be released to the public. Rook Ransomware's victims also are allowed to send three locked files to be decrypted for free. The size of each chosen file should not exceed 1MB.

According to the note, the cybercriminals responsible for the Rook Ransomware can be reached via a website hosted on the TOR network. As an alternative communication channel, victims can send a message to the email addresses 'rook@onionmail.org' and 'securityRook@onionmail.org'.

It should be noted that the ransom note warns against contacting a security vendor or a law enforcement agency. If the hackers suspect that they are talking to such agencies, they threaten to destroy the decryption key, rendering all encrypted files unrecoverable.

The full text of the note is:

'-----------Welcome. Again. --------------------
[+]Whats Happen?[+]

Your files are encrypted,and currently unavailable. You can check it: all files on you computer has expansion robet.

By the way,everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).

[+] What guarantees?[+]

Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests.

To check the file capacity, please send 3 files not larger than 1M to us, and we will prove that we are capable of restoring.

If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data,cause just we have the private key. In practise - time is much more valuable than money.

If we find that a security vendor or law enforcement agency pretends to be you to negotiate with us, we will directly destroy the private key and no longer provide you with decryption services.

You have 3 days to contact us for negotiation. Within 3 days, we will provide a 50% discount. If the discount service is not provided for more than 3 days, the files will be leaked to our onion network. Every more than 3 days will increase the number of leaked files.

Please use the company email to contact us, otherwise we will not reply.

[+] How to get access on website?[+]

You have two ways:

1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site:hxxps://torproject.org/
b) Open our website:gamol6n6p2p4c3ad7gxmx3ur7wwdwlywebo2azv3vv5qlmjmole2zbyd.onion

2) Our mail box:
a)rook@onionmail.org
b)securityRook@onionmail.org

c)If the mailbox fails or is taken over, please open Onion Network to check the new mailbox

!!!DANGER!!!
DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data.
!!!!!!!

AGAIN: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, please should not interfere.
!!!!!!!

ONE MORE TIME: Security vendors and law enforcement agencies, please be aware that attacks on us will make us even stronger.

!!!!!!!'
