
RSAUtil Ransomware

By GoldSparrow in Adware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 1
First Seen: May 3, 2017
Last Seen: May 20, 2018
OS(es) Affected: Windows

The RSAUtil Ransomware is a ransomware Trojan that is used to extort computer users. The RSAUtil Ransomware will encrypt the victims' files and then demand the payment of a ransom. Computer users have reported the presence of a poorly-spelled pop-up message associated with the RSAUtil Ransomware. The following is the text contained in the RSAUtil Ransomware's pop-up message:

'Hello my friend!
All files on your PC encryphted!
my email: helppme@india.com or
hepll 112@aol.com'

The Unfriendly Work of the RSAUtil Ransomware Trojan

The RSAUtil Ransomware is written in Delphi, which allows extortionists to modify the RSAUtil Ransomware easily and integrate this ransomware Trojan with the Windows operating system. The RSAUtil Ransomware's intended victims seem to be individual computer users and small businesses. The most common way in which the RSAUtil Ransomware is distributed is through corrupted email attachments. Con artists will deliver spam email messages that will include documents with corrupted macros that trick the victim into allowing the extortionists to execute corrupted code on the victim's computer. After the victim opens the corrupted file attachment, the RSAUtil Ransomware is installed and begins encrypting the victim's files in the background.

How the RSAUtil Ransomware Attacks Your Computer

The RSAUtil Ransomware receives its name because the main executable file used in the RSAUtil Ransomware attack is named 'RSAUtil.exe.' The RSAUtil Ransomware will scan all local drives and external memory devices connected to the infected computer (which can include such things as MP4 players and USB drives) and directories shared on the network. The RSAUtil Ransomware will then encrypt the files found in these locations using a combination of RSA and AES encryption. The RSAUtil Ransomware also will delete the System Restore points and the Shadow Volume Copies, both of which can sometimes be used for recovery in other attacks. The files that have been encrypted by the RSAUtil Ransomware Trojan will be marked with the file extension '.helppme@india.com.ID[8 CHARACTERS].' After encrypting the victim's files, the RSAUtil Ransomware will display its ransom note in the form of a program window, which delivers the following text to the victim's computer:

'WARNING!!!
Your ID [8 CHARACTERS]
OUR FILES ARE DECRIPTED
Your documents, photos, database, save games and other important data was encrypted.
Data recovery the necessary interpreter. To get the interpreter, should send an email to helppme@india.com or hepl1112@aol.com.
In a letter to include Your personal ID (see the beginning of this document).
In response to the letter You will receive the address of your Bitcoin wallet to which you want to perform the transfer.
When money transfer is confirmed, You will receive the decrypter file for Your computer.
After starting the programm-interpreter, all Your files will be restored.
Attention! Do not attempt to remove a program or run the anti-virus tools.
Input key here
[TEXT BOX]'

The RSAUtil Ransomware's ransom note also is included in a text file named 'How_return_files.txt' dropped on the victim's Desktop and in the My Documents folder.
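The file extension and ransom note name described above can be used to size up an affected machine. The following triage script is an added example, not code from the original page; the `triage` and `walk` helpers and the sample listing are constructed for illustration, and it assumes the eight-character ID is alphanumeric and appended directly after "ID".

```python
import os
import re
from collections import defaultdict

# Indicators taken from the page; the ID format (8 alphanumerics appended
# directly after "ID") is an assumption, the page only says "8 characters".
ENCRYPTED_RE = re.compile(
    r"^(?P<orig>.+)\.helppme@india\.com\.ID(?P<id>[A-Za-z0-9]{8})$", re.I)
NOTE_NAME = "how_return_files.txt"

def triage(paths):
    """Classify file paths and summarise RSAUtil filename indicators."""
    report = {"encrypted": [], "notes": [], "ids": set(), "by_dir": defaultdict(int)}
    for path in paths:
        # Normalise Windows separators so the script also runs on other hosts.
        norm = path.replace("\\", "/")
        directory, _, name = norm.rpartition("/")
        m = ENCRYPTED_RE.match(name)
        if m:
            # Record the original file name so a restore list can be built.
            report["encrypted"].append((path, m.group("orig")))
            report["ids"].add(m.group("id"))
            report["by_dir"][directory] += 1
        elif name.lower() == NOTE_NAME:
            report["notes"].append(path)
    return report

def walk(root):
    """Yield every file path under root (use on a mounted or imaged volume)."""
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            yield os.path.join(dirpath, f)

# Constructed sample listing, not taken from a real incident.
SAMPLE = [
    r"C:\Users\alice\Desktop\How_return_files.txt",
    r"C:\Users\alice\Documents\How_return_files.txt",
    r"C:\Users\alice\Documents\budget.xlsx.helppme@india.com.IDA1B2C3D4",
    r"C:\Users\alice\Documents\notes.txt",
    r"E:\backup\photo.jpg.helppme@india.com.IDA1B2C3D4",
    r"C:\Users\alice\Documents\helppme@india.com.txt",
]

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(f"{len(r['encrypted'])} encrypted, {len(r['notes'])} notes, IDs: {sorted(r['ids'])}")
    for d, n in sorted(r["by_dir"].items()):
        print(f"  {n:4d}  {d}")
```

Passing `walk(root)` to `triage` runs the same check over a mounted volume; the per-directory counts show which drives and shares need to be restored from backup.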

Dealing with the RSAUtil Ransomware

Malware analysts advise computer users to refrain from contacting the extortionists responsible for the RSAUtil Ransomware attack. In most cases, the victims of these attacks will not receive a decryption key after making the large payments the extortionists require. Furthermore, paying the RSAUtil Ransomware ransom allows extortionists to continue carrying out these attacks and targeting more victims. Because of this, take steps to prevent RSAUtil Ransomware infections by using a reliable security program and learning to spot these email tactics. Having file backups can help limit the damage, since computer users can restore the affected files quickly from the backup rather than having to deal with their loss. In fact, a good backup system on an external memory device will make computer users immune to the RSAUtil Ransomware and numerous other ransomware tactics completely, since the extortionists responsible for the attack lose any power they have over the victim. Because the RSAUtil Ransomware also encrypts external memory devices connected to the infected computer, the backup device should be kept disconnected when a backup is not being made.
