RSA-NI Ransomware

RSA-NI Ransomware Description

The RSA-NI Ransomware is an encryption ransomware Trojan that seems to be related to the AES-NI Ransomware, a ransomware Trojan that was released in April 2017. The RSA-NI Ransomware was released in early December 2017, and its code differs only slightly from that of its predecessor. The most common way in which the RSA-NI Ransomware is delivered to victims is through corrupted email attachments, which use bad macro scripts to download and install the RSA-NI Ransomware onto victims' computers.

How the RSA-NI Ransomware Attack Works

The RSA-NI Ransomware tactic itself is not difficult to understand. The purpose of the RSA-NI Ransomware, just like other encryption ransomware Trojans, is to make the victim's files inaccessible by encrypting them with a combination of the AES and RSA encryptions. Ransomware threats like the RSA-NI Ransomware demand the payment of a ransom from the victim, usually by displaying a ransom note on the affected computer once the victim's files have been compromised. The RSA-NI Ransomware will target a wide variety of file types in its attack, which may include the following:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

Once the RSA-NI Ransomware enciphers the files, they are not recoverable with current technology. Apart from encrypting the victim's files, the RSA-NI Ransomware will modify their names by adding the file extension '' to the end of each affected file. This seems to be the email address that the victims are urged to use to contact the people responsible for the RSA-NI Ransomware attack. PC security researchers counsel computer users against establishing contact with the people responsible for the RSA-NI Ransomware attack.

The Threat Contained on the RSA-NI Ransomware Ransom Note

The RSA-NI Ransomware delivers a ransom note demanding the payment of a ransom. It is delivered in the form of a text file named 'Attention!!! Your data breaches!!!.txt,' which is dropped on the infected computer system's desktop. The full text of the RSA-NI Ransomware ransom note reads:

'=========# the RSA-NI Ransomware #========
We hacked your server and copied your important data.
Please write us to the e-mail in 24 hours
After payment, Your data will be destroyed, Otherwise your data will be leaked to the public.
=========# the RSA-NI Ransomware #========'

Victims of the attack are directed to write to the cybercrooks with a specific ID number and then urged to pay a ransom using Bitcoins. The email addresses that have been linked to the RSA-NI Ransomware and its variants are:

Although the exact amount of the RSA-NI Ransomware ransom is currently unknown, these attacks demand a ransom between 500 and 2000 USD. Malware experts strongly advise computer users against paying the RSA-NI Ransomware ransom or contacting the people responsible for these attacks. Instead of paying the RSA-NI Ransomware's ransom, it is preferable to recover the affected files from a backup copy. This is why having file backups is so important; backup copies of your files are the best precaution against the RSA-NI Ransomware and other ransomware Trojans.
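
A host triage check for the two artifacts described above, the ransom note file name and the extra extension appended after a targeted file type; this is an added example, not code from the original page. The shortened extension set, the benign-suffix allowlist, the `min_hits` threshold and the sample file names are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

# Ransom note file name as reported on this page (compared case-insensitively).
RANSOM_NOTE = "attention!!! your data breaches!!!.txt"
# Subset of the targeted extensions listed on this page (shortened for the example).
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".sql", ".txt", ".zip"}
# Assumption: suffixes that legitimately follow a document extension.
BENIGN = {".gz", ".bak", ".tmp"}

def appended_suffix(name):
    """Return what follows a targeted extension inside the name, or None."""
    parts = name.lower().split(".")
    if len(parts) < 3 or "." + parts[-1] in TARGETED:
        return None  # a single extension, or a normal targeted file type
    # Use the right-most targeted extension; what follows may itself contain dots.
    for i in range(len(parts) - 2, 0, -1):
        if "." + parts[i] in TARGETED:
            suffix = "." + ".".join(parts[i + 1:])
            return None if suffix in BENIGN else suffix
    return None

def triage(root, min_hits=3):
    """Return (ransom note paths, {suffix: count}) for suffixes seen >= min_hits times."""
    notes, seen = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == RANSOM_NOTE:
                notes.append(os.path.join(dirpath, name))
                continue
            suffix = appended_suffix(name)
            if suffix:
                seen[suffix] += 1
    return notes, {s: n for s, n in seen.items() if n >= min_hits}

def demo():
    """Run triage over a constructed directory tree (all file names are made up)."""
    names = ["q1.xlsx.user@example.invalid", "plan.docx.user@example.invalid",
             "scan.pdf.user@example.invalid", "dump.sql.gz", "my.doc.final.docx",
             "notes.txt", "Attention!!! Your data breaches!!!.txt"]
    with tempfile.TemporaryDirectory() as root:
        for n in names:
            open(os.path.join(root, n), "w").close()
        notes, suffixes = triage(root)
        return [os.path.basename(p) for p in notes], suffixes

if __name__ == "__main__":
    print(demo())
```

A hit on either result is a reason to isolate the host and check backup integrity before restoring from backup.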
