
Rozlok Ransomware

The Rozlok Ransomware is an encryption ransomware Trojan. These threats are used to extract a ransom payment from the victims by taking their files hostage. They function by using a strong encryption algorithm to make the victim's files inaccessible and then demand that the victim pay a ransom in exchange for the decryption key that is needed to restore the affected files.

Some Particularities of the Rozlok Ransomware

The Rozlok Ransomware is one of two new updates to the RSA2048Pro Ransomware, a ransomware Trojan that was observed in August of 2017. The Rozlok Ransomware is part of a spam email campaign that is used to deliver either the Rozlok Ransomware or the Pulpy Ransomware to the victims. The Rozlok Ransomware attacks were observed on December 26, 2017. Both ransomware Trojans are virtually identical and differ only in small details, such as the email address that is used to establish contact between the cybercrooks and the victims. The Rozlok Ransomware and other threats of this type are typically delivered through spam email attachments. In the case of the Rozlok Ransomware, the culprit is usually a DOCX file with an embedded macro script that downloads and installs the Rozlok Ransomware onto the victim's computer.

How the Rozlok Ransomware Attack Works

The Rozlok Ransomware is not different from most encryption ransomware Trojans. The Rozlok Ransomware uses a strong encryption algorithm to make the victim's files inaccessible. The Rozlok Ransomware targets commonly used file types, which may include image, video, sound and text files. The Rozlok Ransomware targets a wide array of user-generated files, which may include the following:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The Rozlok Ransomware will mark the affected files with the file extension '.AES,' which is added to the end of each affected file's name. The Rozlok Ransomware uses AES-256 encryption to encrypt the victim's files, which makes the encryption nearly impossible to break with current technology. The Rozlok Ransomware demands a ransom payment from the victim, typically by asking the victim to first contact its perpetrators via email. To do this, the Rozlok Ransomware drops multiple copies of a text file named 'Instruction.txt' on the affected computer. That is the Rozlok Ransomware's ransom note. The Rozlok Ransomware's ransom note contains the following text:

'Hi, all your files have been encrypted. You can decipher if you write to me on the mail:pulpy2@cock.li Otherwise, all your files will be deleted within 2 days without any problems!'
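The two on-disk indicators described above (the '.AES' suffix and the 'Instruction.txt' note copies) can be turned into a simple triage sweep. The following is an added example, not code from this write-up or from any security vendor; the function names, the shortened extension subset and the sample tree are constructed for illustration, and it assumes the original extension is kept in front of the appended suffix.

```python
import os
import tempfile
from collections import Counter

MARKER = ".aes"                # suffix the article says is appended
NOTE_NAME = "instruction.txt"  # ransom note name from the article
# Short subset of the targeted extensions listed in the article.
TARGETED = {".docx", ".xlsx", ".pdf", ".jpg", ".png", ".txt", ".sql", ".zip"}

def triage(root):
    """Walk root; count marked files per directory and locate note copies."""
    marked, notes = Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            stem, ext = os.path.splitext(lower)
            if lower == NOTE_NAME:
                notes.append(os.path.join(dirpath, name))
            # Assumption: original extension precedes the marker (x.docx.AES).
            elif ext == MARKER and os.path.splitext(stem)[1] in TARGETED:
                marked[dirpath] += 1
    # Flag only where marked files and a note co-occur in one directory.
    note_dirs = {os.path.dirname(p) for p in notes}
    flagged = sorted(d for d in marked if d in note_dirs)
    return {"marked": dict(marked), "notes": sorted(notes), "flagged": flagged}

def build_sample_tree(root):
    """Constructed sample data, not real victim files."""
    layout = {
        "docs": ["report.docx.AES", "budget.xlsx.AES", "Instruction.txt"],
        "clean": ["notes.txt", "archive.aes", "Instruction.txt"],
        "photos": ["cat.jpg.AES"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

def run_demo():
    """Triage the constructed tree; results use paths relative to it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        res = triage(root)
        rel = lambda p: os.path.relpath(p, root)
        return ({rel(d): n for d, n in res["marked"].items()},
                [rel(p) for p in res["notes"]], [rel(d) for d in res["flagged"]])

if __name__ == "__main__":
    print(run_demo())
```

Requiring both indicators in the same directory keeps a lone Instruction.txt or an unrelated '.aes' file from being reported; directories with marked files but no note still appear in the per-directory counts for manual review.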

Protecting Your Data from Threats Like the Rozlok Ransomware

The most effective way of ensuring that your data is safe from threats like the Rozlok Ransomware is to have backup copies of your files saved on a detachable memory device or the cloud. If you have file backups, then recovering from a Rozlok Ransomware attack is as simple as deleting the affected files and the Rozlok Ransomware from your computer and then restoring the affected data from the backup copy. Although the Rozlok Ransomware Trojan itself can be easily removed with a capable security program, the files encrypted by the Rozlok Ransomware attack cannot be recovered without the decryption key, which the people responsible for the Rozlok Ransomware will hold in their possession. The key to safeguarding your computer is to be careful with unsolicited spam email messages, since this simple act can prevent these attacks in the first place.
