Roshalock Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 80 % (High) |
| Infected Computers: | 20 |
| First Seen: | March 13, 2017 |
| Last Seen: | February 28, 2021 |
| OS(es) Affected: | Windows |
The Roshalock Ransomware is a ransomware Trojan that locks the victim's files in an archive file that is protected with a password. These variants of ransomware infections first started to appear in 2017 and seem to be gaining popularity. Rather than encrypting the files using a strong encryption algorithm, the variants in this hoax such as the Roshalock Ransomware will move the files into archives such a RAR or 7Z files. The Roshalock Ransomware targets 2634 file extensions in its attack and is capable of affecting most of the computer users' files. The files encrypted by the Roshalock Ransomware will be placed into a RAR file named 'All_Your_Documents.rar' that will be saved in its own directory by the same name. The Roshalock Ransomware delivers its ransom note in the form of a text file named 'All Your Files in Archive!.txt,' which is dropped on the victim's Desktop.
Table of Contents
The Roshalock Ransomware Infection and Its Consequences
The Roshalock Ransomware is designed to take the victims' files hostage to obtain a ransom payment from the victim. The Roshalock Ransomware locks the victims' files in an RAR archive that is password protected. In its text ransom note, the Roshalock Ransomware asks for money in five different languages: English, French, Spanish, German and Italian. In its instructions, the Roshalock Ransomware asks the victim to download WinRAR and the TOR browser. The payment website is accessed through the TOR network. The people responsible for the Roshalock Ransomware demand payment in BitCoins, threatening to increase the ransom by 0.05 BitCoin every day. PC security researchers strongly advise computer users to avoid paying the ransom or following any of these people's instructions. It is unlikely that con artists will follow through on their promise to help computer users recover their files after an attack.
How the Roshalock Ransomware Attack Works
The Roshalock Ransomware has appeared in two versions, which ask for different ransom amounts, ranging from 0.35 to 1.05 BitCoins. Unfortunately, once the files have been compromised by the Roshalock Ransomware attack, they become unrecoverable without the password for the RAR archive. Because of this, the best method for dealing with the Roshalock Ransomware is having file backups and other protections in place. PC security researchers have received reports that the Roshalock Ransomware is being distributed through bogus 'excel file repair' software. There are numerous other ways in which the Roshalock Ransomware and similar malware may spread, however. The most common means of distributing threats like the Roshalock Ransomware is through the use of corrupted email attachments, which are delivered to unsuspecting victims. The Roshalock Ransomware also may be installed by hacking into a computer or network directly. Other forms of exposure include exploit kits and attack websites.
Protecting Your Computer from Threats Like the Roshalock Ransomware
Since the Roshalock Ransomware requires a distribution method to enter a computer, it is important that computer users take steps to ensure that their exposure to threats like the Roshalock Ransomware is kept to a minimum. Malware analysts advise that computer users handle emails and unsolicited email attachments with extra caution and refrain from installing any unknown software or visiting websites that could be used to distribute unsafe content. Having a reliable security program that is fully up-to-date installed on a computer can help intercept threats like the Roshalock Ransomware before they manage to cause too much damage to a computer.
Dealing with the Roshalock Ransomware Infection
Unfortunately, the files that have been placed into an archive by the Roshalock Ransomware are unrecoverable until computer users manage to get access to the password. Because of this, if the Roshalock Ransomware has compromised your computer it will be necessary to restore the affected files from a backup. PC security researchers recommend removing the Roshalock Ransomware infection itself with a reliable security application and then wiping and restoring the affected directories.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.