
Rsalive Ransomware

By GoldSparrow in Ransomware

The Rsalive Ransomware is one of the latest ransomware threats that malware researchers have spotted. Once they studied this newly uncovered file-locking Trojan, cybersecurity experts found out that it belongs to the Scarab Ransomware family.

Spreading and Encryption

The propagation methods used to spread the Rsalive Ransomware are not yet clear. Some believe that mass spam email campaigns, fake application updates, and pirated copies of popular software tools may be among the infection vectors employed by its creators. Regardless of the propagation method, once the Rsalive Ransomware infects a PC, the first step of the attack is to scan the data on it so that the threat can locate the files it was programmed to target. The Rsalive Ransomware then begins locking the targeted files. When it encrypts a file, it also changes the filename by appending a '.rsalive' extension to the name of each locked file. For example, a file named 'Hapa-Charm.jpg' will be renamed to 'Hapa-Charm.jpg.rsalive'.

The Ransom Note

Then, the Rsalive Ransomware goes on to drop a ransom note called 'HOW TO RECOVER ENCRYPTED FILES.txt.' Creators of ransomware threats often use all caps in the naming of their ransom notes as this reduces the chance of their message being overlooked by the victim. The note reads:

’******************************************************************************************
Your Files are Now Encrypted!
******************************************************************************************
All your files have been encrypted due to a security problem with your PC.
Now you need to buy a Recovery Key! Recovery Key price is ~ $200 in Bitcoins.
If you are ready to buy a Recovery Key -> Send (0.025) Bitcoin Wallet.
Bitcoin Wallet -> 12GFeyrq3RgeLfGSxs3qWn7RnUQW14Ndda (0.025)
After that write to us on email address: recoverysupp@aol.com
After payment we will send you the decryption tool that will decrypt all your files.
You should send us email with your Personal Identifier.
******************************************************************************************
Free Decryption as Guarantee!
******************************************************************************************
Free decryption as guarantee!
Before paying you can send us up to 1 files for free decryption.
The total size of files must be less than 10Mb (non archived), and files should not contain
valuable information (databases, backups, large excel sheets, etc.).
How to obtain Bitcoins?
* The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click
'Buy bitcoins', and select the seller by payment method and price:
https://localbitcoins.com/buy_bitcoins
* Also you can find other places to buy Bitcoins and beginners guide here:
http://www.coindesk.com/information/how-can-i-buy-bitcoins
Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price
(they add their fee to our) or you can become a victim of a scam.
******************************************************************************************
Your Personal Identifier:
---
******************************************************************************************’

In the note, the attackers specify that the ransom fee is $200 in Bitcoin. They also provide an email address where the user can get in touch with them: 'recoverysupp@aol.com'. Furthermore, the authors of the Rsalive Ransomware offer to decrypt one file free of charge, as long as it is no larger than 10MB.

We recommend that you ignore the attackers' message and keep your distance from shady individuals online like the ones responsible for the Rsalive Ransomware. A safer approach is to download and install a legitimate anti-virus application, which will not only rid you of the Rsalive Ransomware but will also keep your system safe in the future.
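The two file-system indicators described above (the appended '.rsalive' extension and the 'HOW TO RECOVER ENCRYPTED FILES.txt' note) are enough to scope the damage on an affected machine. The following triage script is an added example, not code from the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

EXT = ".rsalive"                              # appended extension described on this page
NOTE = "HOW TO RECOVER ENCRYPTED FILES.txt"   # ransom note name described on this page

def triage(root):
    """Summarise indicators under root; 'window' bounds when the renames happened."""
    locked, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower().endswith(EXT):
                locked.append(path)
            elif name.lower() == NOTE.lower():
                notes.append(path)
    # Stripping the appended extension recovers the original name and file type.
    originals = [p.name[:-len(EXT)] for p in locked]
    mtimes = [p.stat().st_mtime for p in locked]
    return {
        "locked": sorted(locked),
        "notes": sorted(notes),
        "originals": sorted(originals),
        "by_type": Counter(Path(o).suffix.lower() or "(none)" for o in originals),
        "by_dir": Counter(str(p.parent.relative_to(root)) for p in locked),
        "window": (min(mtimes), max(mtimes)) if mtimes else None,
    }

def build_sample(root):
    """Create a constructed directory tree (sample data, not from a real incident)."""
    layout = {
        "Pictures/Hapa-Charm.jpg.rsalive": 1000,
        "Pictures/beach.PNG.RSALIVE": 1060,
        "Docs/report.docx.rsalive": 1120,
        "Docs/untouched.txt": 900,
        "Docs/" + NOTE: 1130,
    }
    for rel, mtime in layout.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample")
        os.utime(path, (mtime, mtime))
    return Path(root)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(build_sample(tmp)))
```

Pointing `triage()` at a real user profile or file share gives a per-directory count of locked files and the original file types involved, which helps decide what needs to be restored.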
