Rote Ransomware Description
Most cyber crooks who decide to dabble in ransomware creation tend to stick to well-trodden paths, meaning that altering the code of an already existing file-locking Trojan is the preferred method of creating a threat of this type. In 2019, the most active ransomware family, without a doubt, has been the STOP Ransomware family. Threats that belong to this family are almost identical. Their authors tend to alter only the extension that the data-locking Trojan applies and sometimes the email addresses provided for contact. Recently, cybersecurity experts spotted a new variant of the STOP Ransomware in the wild. Its name is Rote Ransomware.
Propagation and Encryption
When the Rote Ransomware infiltrates a computer, it will look for all files that may be found on any regular user's computer – audio files, videos, images, documents, archives, presentations, spreadsheets, databases, etc. This ensures that no user will be left unaffected after an attack by the Rote Ransomware. However, we are not certain how the Rote Ransomware finds its way into a user's system. Some believe that the attackers may be relying on torrent trackers, fake software updates, fraudulent pirated copies of popular applications and mass spam email campaigns. When the Rote Ransomware encrypts a file, it makes sure to append a new extension at the end of the file name. The Rote Ransomware adds a '.rote' extension to the names of all the affected files. This means that if you had named a file 'pale-ale.mp3,' the Rote Ransomware would alter it to 'pale-ale.mp3.rote' after it has completed its encryption process.
The Ransom Note
In the next step of the attack, the Rote Ransomware drops its ransom note. The note is contained in a file named '_readme.txt.' In this note, the attackers make it clear that all users who manage to get in touch with them within three days of the attack taking place will have to pay $490. However, victims who miss this deadline will have to pay double the price, $980. The attackers claim that they are willing to decrypt one or two files free of charge in an attempt to prove to the victim that they have a decryption key that is compatible with their data. The victims are expected to contact the attackers via email – 'email@example.com' and 'firstname.lastname@example.org.'
Unfortunately, malware researchers are yet to crack this threat, and no free decryption tool is available for the victims of the Rote Ransomware. If you have fallen victim to this threat, we recommend that you avoid contacting the attackers and instead trust a reputable anti-virus software solution to remove the threat from your system safely and make sure you do not find yourself in such an unpleasant situation again in the future.
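The two on-disk indicators described above, the '.rote' suffix and the '_readme.txt' note, are enough to scope how far an infection reached before restoring from backup. The following Python sketch is an added example, not part of the original description or of any vendor tool; the function names and the sample folder layout are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".rote"   # extension named on this page
RANSOM_NOTE = "_readme.txt"  # ransom note file name named on this page


def scan_tree(root):
    """Inventory files under root that carry either on-disk indicator."""
    encrypted = []            # (path relative to root, original file name)
    note_dirs = []            # directories (relative) holding a ransom note
    original_types = Counter()
    for dirpath, _dirs, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        for name in filenames:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                note_dirs.append(rel_dir)
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                original = name[:-len(ENCRYPTED_SUFFIX)]  # name before the attack
                encrypted.append((os.path.join(rel_dir, name), original))
                ext = os.path.splitext(original)[1].lower() or "(none)"
                original_types[ext] += 1
    return {"encrypted": sorted(encrypted),
            "note_dirs": sorted(note_dirs),
            "original_types": dict(original_types)}


def demo():
    """Run the scan over a constructed tree of empty, harmless files."""
    layout = {  # constructed sample names, not taken from a real incident
        "Music": ["pale-ale.mp3.rote", "_readme.txt"],
        "Docs": ["budget.xlsx.rote", "notes.txt", "_readme.txt"],
        "Clean": ["photo.jpg"],
    }
    with tempfile.TemporaryDirectory() as root:
        for folder, names in layout.items():
            os.makedirs(os.path.join(root, folder))
            for name in names:
                open(os.path.join(root, folder, name), "w").close()
        return scan_tree(root)


if __name__ == "__main__":
    report = demo()
    for path, original in report["encrypted"]:
        print(f"{path} -> restore as {original}")
    print("ransom notes in:", ", ".join(report["note_dirs"]))
    print("affected types:", report["original_types"])
```

Point scan_tree at a mounted copy of the affected volume rather than the live system; the script only reads directory listings and does not open or modify any file it reports.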