
RotorCrypt Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 10
First Seen: November 3, 2016
Last Seen: July 23, 2019
OS(es) Affected: Windows

The RotorCrypt Ransomware, which is also known as RotoCrypt, is an encryption ransomware Trojan designed to take the victims' data hostage. The RotorCrypt Ransomware was first observed on October 17, 2017, and it carries out an effective version of a well-known attack. Multiple versions of the RotorCrypt Ransomware have been used simultaneously: studies from PC security researchers seem to indicate that almost a dozen different versions were employed in the initial attacks detected. Like many other ransomware Trojans, the RotorCrypt Ransomware is delivered to victims as a file attachment in spam email messages. It is designed to infect computers running the Windows operating system, including the latest versions of Windows, and has been observed with the following file names on infected computers:

dead rdp.exe
ins.exe
GWWABPFL.EXE

Why You Should Prevent a RotorCrypt Ransomware Infection

There is very little to differentiate the RotorCrypt Ransomware from the numerous other encryption ransomware Trojans that have been observed carrying out similar attacks. The RotorCrypt Ransomware is designed to encrypt the victim's user-generated files, which can range from media files and documents to configuration files, databases, and archives. Threats like the RotorCrypt Ransomware strive to encrypt as much of the victim's data as possible while avoiding system files and other files that Windows needs to function (since, if Windows stops working, the RotorCrypt Ransomware would not be able to demand a ransom payment from the victim). Some examples of the file types that may be compromised by ransomware attacks such as the RotorCrypt Ransomware include:

.aif, .apk, .arj, .asp, .bat, .bin, .cab, .cda, .cer, .cfg, .cfm, .cpl, .css, .csv, .cur, .dat, .deb, .dmg, .dmp, .doc, .docx, .drv, .gif, .htm, .html, .icns, .iso, .jar, .jpeg, .jpg, .jsp, .log, .mid, .mp3, .mp4, .mpa, .odp, .ods, .odt, .ogg, .part, .pdf, .php, .pkg, .png, .ppt, .pptx, .psd, .rar, .rpm, .rss, .rtf, .sql, .svg, .tar.gz, .tex, .tif, .tiff, .toast, .txt, .vcd, .wav, .wks, .wma, .wpd, .wpl, .wps, .wsf, .xlr, .xls, .xlsx, .zip.

Trojans like the RotorCrypt Ransomware mark the files encrypted by the attack by adding a custom file extension to the affected files. Since there are multiple versions of the RotorCrypt Ransomware being used in attacks on computer users, there are also multiple file extensions associated with the RotorCrypt Ransomware attack (as well as multiple contact emails used by the crooks to communicate with the victims of the attack). The file extensions that have been observed in different RotorCrypt Ransomware variants are:

!-=solve a problem=-=grandums@gmail.com=-.PRIVAT66
!___ELIZABETH7@PROTONMAIL.COM____.c400
!_____DILIGATMAIL7@tutanota.com_____.OTR
!_____FIDEL4000@TUTAMAIL.COM______.biz
!_____GEKSOGEN911@GMAIL.COM____.c300
!_____INKASATOR@TUTAMAIL.COM____.ANTIDOT
!_____LIKBEZ77777@GMAIL.COM____.c400
PATAGONIA5000@PROTONMAIL.COM
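
For triage, the markers listed above can be used to inventory affected files and recover their original names. The following Python sketch is an added example, not part of the original page; the `MARKER_SHAPE` pattern is an assumed generalization of the listed markers, the function names are hypothetical, and the sample file names are constructed.

```python
import os
import re

# Markers copied from the list above; they are added to the affected file names.
KNOWN_MARKERS = [
    "!-=solve a problem=-=grandums@gmail.com=-.PRIVAT66",
    "!___ELIZABETH7@PROTONMAIL.COM____.c400",
    "!_____DILIGATMAIL7@tutanota.com_____.OTR",
    "!_____FIDEL4000@TUTAMAIL.COM______.biz",
    "!_____GEKSOGEN911@GMAIL.COM____.c300",
    "!_____INKASATOR@TUTAMAIL.COM____.ANTIDOT",
    "!_____LIKBEZ77777@GMAIL.COM____.c400",
    "PATAGONIA5000@PROTONMAIL.COM",
]

# Assumed general shape of the markers above (a heuristic, not a published
# signature): '!', filler, an e-mail address, filler, then a new extension.
MARKER_SHAPE = re.compile(
    r"![-=_ a-z]*?[a-z0-9._]+@[a-z0-9.-]+\.[a-z]{2,}[-=_]+\.[a-z0-9]{2,10}$",
    re.IGNORECASE,
)

def classify(name):
    """Return (verdict, original_name); verdict is 'known', 'heuristic' or None."""
    lowered = name.lower()
    for marker in KNOWN_MARKERS:
        idx = lowered.find(marker.lower())
        if idx != -1:
            return "known", name[:idx]
    match = MARKER_SHAPE.search(name)
    if match:
        return "heuristic", name[:match.start()]
    return None, name

def scan_tree(root):
    """Walk a directory tree; return (path, verdict, original_name) per flagged file."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            verdict, original = classify(name)
            if verdict:
                hits.append((os.path.join(folder, name), verdict, original))
    return hits

if __name__ == "__main__":
    # Constructed sample names, not taken from a real incident.
    for sample in ["budget.xlsx!___ELIZABETH7@PROTONMAIL.COM____.c400",
                   "photo.jpg!___someone@example.org___.x123", "notes.txt"]:
        print(sample, "->", classify(sample))
```

A "heuristic" verdict only means the name has the same shape as the listed markers, so treat it as a lead to review rather than a confirmed match.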

Computer users should refrain from communicating with the people responsible for the RotorCrypt Ransomware attack. Instead, they should take precautions to ensure that their data is protected from the RotorCrypt Ransomware and similar infections. File backups are the most effective protection against threats like the RotorCrypt Ransomware.

Do Not Trust the People Responsible for the RotorCrypt Ransomware

Some variants of the RotorCrypt Ransomware will offer to restore some files for free. However, do not trust such offers. Generally, once the payment is carried out, these people will ignore the victim or demand additional amounts of money. Even if they agree to restore the victim's files, the victim may be targeted for additional attacks (having once shown a willingness to pay). One important reason to refrain from paying the RotorCrypt Ransomware ransom or interacting with these crooks is that paying the ransom allows them to continue creating and releasing these threats.
