Rsalive Ransomware

Rsalive Ransomware Description

The Rsalive Ransomware is one of the latest ransomware threats that malware researchers have spotted. Once they studied this newly uncovered file-locking Trojan, cybersecurity experts found out that it belongs to the Scarab Ransomware family.

Spreading and Encryption

It is not yet clear which propagation methods are used to spread the Rsalive Ransomware. Some believe that mass spam email campaigns, fake application updates, and pirated copies of popular software tools may be among the infection vectors employed by its creators. Regardless of the propagation method, once the Rsalive Ransomware infects a PC, the first step of the attack is a scan of the user's data, which lets the Rsalive Ransomware determine the locations of the files it was programmed to target. Then, the Rsalive Ransomware begins locking the targeted files. Once it encrypts a file, it also changes the filename by appending a '.rsalive' extension to the name of each locked file. For example, a file named 'Hapa-Charm.jpg' will be renamed to 'Hapa-Charm.jpg.rsalive'.

The Ransom Note

Then, the Rsalive Ransomware goes on to drop a ransom note called 'HOW TO RECOVER ENCRYPTED FILES.txt.' Creators of ransomware threats often use all caps in the naming of their ransom notes as this reduces the chance of their message being overlooked by the victim. The note reads:

’******************************************************************************************
Your Files are Now Encrypted!
******************************************************************************************
All your files have been encrypted due to a security problem with your PC.
Now you need to buy a Recovery Key! Recovery Key price is ~ $200 in Bitcoins.
If you are ready to buy a Recovery Key -> Send (0.025) Bitcoin Wallet.
Bitcoin Wallet -> 12GFeyrq3RgeLfGSxs3qWn7RnUQW14Ndda (0.025)
After that write to us on email address: recoverysupp@aol.com
After payment we will send you the decryption tool that will decrypt all your files.
You should send us email with your Personal Identifier.
******************************************************************************************
Free Decryption as Guarantee!
******************************************************************************************
Free decryption as guarantee!
Before paying you can send us up to 1 files for free decryption.
The total size of files must be less than 10Mb (non archived), and files should not contain
valuable information (databases, backups, large excel sheets, etc.).
How to obtain Bitcoins?
* The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click
'Buy bitcoins', and select the seller by payment method and price:
https://localbitcoins.com/buy_bitcoins
* Also you can find other places to buy Bitcoins and beginners guide here:

How Can I Buy Bitcoin?


Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price
(they add their fee to our) or you can become a victim of a scam.
******************************************************************************************
Your Personal Identifier:
---
******************************************************************************************’

In the note, the attackers specify that the ransom fee is $200 in Bitcoin. They also provide an email address where the user can get in touch with them: 'recoverysupp@aol.com'. Furthermore, the authors of the Rsalive Ransomware offer to decrypt one file free of charge, as long as it is no larger than 10MB.

We recommend ignoring the attackers' message and keeping your distance from shady individuals online like the ones responsible for the Rsalive Ransomware. A safer approach is to download and install a legitimate anti-virus application, which will not only rid you of the Rsalive Ransomware but also help keep your system safe in the future.
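To scope an incident, the two on-disk indicators described above (the '.rsalive' extension and the 'HOW TO RECOVER ENCRYPTED FILES.txt' note) can be counted per directory. The following is an added example, not part of the original article or any vendor tool; the function names are hypothetical, the sample tree is constructed, and it assumes the victim identifier sits on the first non-separator line after the 'Your Personal Identifier:' marker.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators as given in the article.
LOCKED_SUFFIX = ".rsalive"
NOTE_NAME = "HOW TO RECOVER ENCRYPTED FILES.txt"
ID_MARKER = "Your Personal Identifier:"

def read_identifier(note_path):
    """Return the first non-separator line after the identifier marker, or None."""
    text = Path(note_path).read_text(encoding="utf-8", errors="replace")
    seen_marker = False
    for line in text.splitlines():
        # Lines made only of '*' or '-' are decoration, not an identifier (assumption).
        if seen_marker and (value := line.strip()) and set(value) - set("*-"):
            return value
        seen_marker = seen_marker or ID_MARKER in line
    return None

def triage(root):
    """Walk root; count locked files per directory and collect ransom notes."""
    locked_by_dir, original_types = Counter(), Counter()
    notes, identifiers = [], set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(LOCKED_SUFFIX):
                locked_by_dir[dirpath] += 1
                original = name[: -len(LOCKED_SUFFIX)]  # name before the appended extension
                original_types[Path(original).suffix.lower() or "(none)"] += 1
            elif name.lower() == NOTE_NAME.lower():
                notes.append(os.path.join(dirpath, name))
                identifiers.add(read_identifier(notes[-1]))
    return {"locked_total": sum(locked_by_dir.values()),
            "locked_by_dir": dict(locked_by_dir),
            "original_types": dict(original_types),
            "notes": sorted(notes),
            "identifiers": sorted(i for i in identifiers if i)}

def build_sample(root):
    """Constructed tree (not real victim data): two locked files, one clean file, one note."""
    pics = Path(root, "Pictures")
    pics.mkdir()
    for name in ("Hapa-Charm.jpg.rsalive", "report.DOCX.RSALIVE", "untouched.png"):
        (pics / name).write_bytes(b"\x00")
    (pics / NOTE_NAME).write_text("****\nYour Personal Identifier:\n---\nSAMPLE-ID-0001\n****\n", encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

The per-directory counts show which locations need restoring from backup, and the original file types indicate what kind of data was hit.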
