RSA-NI Ransomware

RSA-NI Ransomware Description

The RSA-NI Ransomware is an encryption ransomware Trojan that seems to be related to the AES-NI Ransomware, a ransomware Trojan that was released in April 2017. The RSA-NI Ransomware was released in early December 2017 and uses a slight variation in its code from its predecessor. The most common way in which the RSA-NI Ransomware is delivered to victims is through the use of corrupted email attachments, which uses bad macro scripts that download and install the RSA-NI Ransomware onto victim's computers.

How the RSA-NI Ransomware Attack Works

The RSA-NI Ransomware tactic itself is not difficult to understand. The purpose of the RSA-NI Ransomware, just like other encryption ransomware Trojans is to make the victim's files inaccessible by using a combination of the AES and RSA encryptions. Ransomware threats like the RSA-NI Ransomware demand the payment of a ransom from the victim, usually by displaying a ransom note on the affected computer once the victim's files have been compromised. The RSA-NI Ransomware will target a wide variety of file types in its attack, which may include the following:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

Once the RSA-NI Ransomware enciphers the files, they are not recoverable with current technology. Apart from encrypting the victim's files, the RSA-NI Ransomware will modify their names by adding the file extension '.0x720x730x610x30@tutanota.com' to the end of each affected file. This seems to be the email address that the victims are urged to use to contact the people responsible for the RSA-NI Ransomware attack. PC security researchers counsel computer users against establishing contact with the people responsible for the RSA-NI Ransomware attack.

The Threat Contained on the RSA-NI Ransomware Ransom Note

The RSA-NI Ransomware delivers a ransom note demanding the payment of a ransom. It is delivered in the form of a text file named 'Attention!!! Your data breaches!!!.txt,' which is dropped on the infected computer system's desktop. The full text of the RSA-NI Ransomware ransom note reads:

'=========# the RSA-NI Ransomware #========
IMPORTANT: [EDITED] and [EDITED]
We hacked your server and copied your important data.
Please write us to the e-mail in 24 hours 0x720x730x610x30@tutanota.com 0x720x730x610x31@tutanota.com
After payment, Your data will be destroyed, Otherwise your data will be leaked to the public.
=========# the RSA-NI Ransomware #========'

Victims of the attack are directed to write to the cybercrooks with a specific ID number and then urged to pay a ransom using Bitcoins. The email addresses that have been linked to the RSA-NI Ransomware and its variants are:

0xc030@protonmail.ch
0xc030@tuta.io
aes-ni@scryptmail.com
0x720x730x610x31@tutanota.com

Although the exact amount of the RSA-NI Ransomware ransom is unknown currently, these attacks demand a ransom between 500 and 2000 USD. Malware experts strongly advise computer users to stay away from paying the RSA-NI Ransomware ransom or contacting the people responsible for these attacks. Instead of paying the RSA-NI Ransomware's ransom, it is preferable to recover the affected files from a backup copy. This is why having file backups is so important; backup copies of your files is the best precaution against the RSA-NI Ransomware and other ransomware Trojans.

Do You Suspect Your PC May Be Infected with RSA-NI Ransomware & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like RSA-NI Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.