RSA-NI Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Ranking: | 1,930 |
| Threat Level: | 80 % (High) |
| Infected Computers: | 660 |
| First Seen: | October 28, 2022 |
| Last Seen: | September 20, 2023 |
| OS(es) Affected: | Windows |
The RSA-NI Ransomware is an encryption ransomware Trojan that seems to be related to the AES-NI Ransomware, a ransomware Trojan that was released in April 2017. The RSA-NI Ransomware was released in early December 2017 and uses a slight variation in its code from its predecessor. The most common way in which the RSA-NI Ransomware is delivered to victims is through the use of corrupted email attachments, which uses bad macro scripts that download and install the RSA-NI Ransomware onto victim's computers.
How the RSA-NI Ransomware Attack Works
The RSA-NI Ransomware tactic itself is not difficult to understand. The purpose of the RSA-NI Ransomware, just like other encryption ransomware Trojans is to make the victim's files inaccessible by using a combination of the AES and RSA encryptions. Ransomware threats like the RSA-NI Ransomware demand the payment of a ransom from the victim, usually by displaying a ransom note on the affected computer once the victim's files have been compromised. The RSA-NI Ransomware will target a wide variety of file types in its attack, which may include the following:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
Once the RSA-NI Ransomware enciphers the files, they are not recoverable with current technology. Apart from encrypting the victim's files, the RSA-NI Ransomware will modify their names by adding the file extension '.0x720x730x610x30@tutanota.com' to the end of each affected file. This seems to be the email address that the victims are urged to use to contact the people responsible for the RSA-NI Ransomware attack. PC security researchers counsel computer users against establishing contact with the people responsible for the RSA-NI Ransomware attack.
The Threat Contained on the RSA-NI Ransomware Ransom Note
The RSA-NI Ransomware delivers a ransom note demanding the payment of a ransom. It is delivered in the form of a text file named 'Attention!!! Your data breaches!!!.txt,' which is dropped on the infected computer system's desktop. The full text of the RSA-NI Ransomware ransom note reads:
'=========# the RSA-NI Ransomware #========
IMPORTANT: [EDITED] and [EDITED]
We hacked your server and copied your important data.
Please write us to the e-mail in 24 hours 0x720x730x610x30@tutanota.com 0x720x730x610x31@tutanota.com
After payment, Your data will be destroyed, Otherwise your data will be leaked to the public.
=========# the RSA-NI Ransomware #========'
Victims of the attack are directed to write to the cybercrooks with a specific ID number and then urged to pay a ransom using Bitcoins. The email addresses that have been linked to the RSA-NI Ransomware and its variants are:
0xc030@protonmail.ch
0xc030@tuta.io
aes-ni@scryptmail.com
0x720x730x610x31@tutanota.com
Although the exact amount of the RSA-NI Ransomware ransom is unknown currently, these attacks demand a ransom between 500 and 2000 USD. Malware experts strongly advise computer users to stay away from paying the RSA-NI Ransomware ransom or contacting the people responsible for these attacks. Instead of paying the RSA-NI Ransomware's ransom, it is preferable to recover the affected files from a backup copy. This is why having file backups is so important; backup copies of your files is the best precaution against the RSA-NI Ransomware and other ransomware Trojans.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.