Rubina5 Ransomware
Threat Scorecard
Ranking: 6,824
Threat Level: 80 % (High)
Infected Computers: 941
First Seen: October 30, 2017
Last Seen: September 16, 2023
OS(es) Affected: Windows
The Rubina5 Ransomware is an encryption ransomware Trojan that was first observed on October 26, 2017. The Rubina5 Ransomware can be identified easily because it encrypts the victim's files and adds the file extension '.rubina5' to each affected file's name. This behavior is typical of these infections, which are designed to encrypt the PC user's files with a strong encryption algorithm and then demand a ransom payment from the victim. PC security researchers suspect that the Rubina5 Ransomware may be related to other ransomware Trojans released previously, although the group currently carrying out the Rubina5 Ransomware attacks seems to be acting independently.
How the Rubina5 Ransomware Attack is Carried Out
Victims of the Rubina5 Ransomware receive a spam email message that includes a file attachment. These attachments may use malicious macro scripts to download and install the Rubina5 Ransomware onto the victim's computer. Once installed, the Rubina5 Ransomware uses an effective encryption technique to make the victim's files inaccessible. It targets user-generated files, such as images, databases, configuration files, audio, video and office documents, while leaving intact the files necessary for the Windows operating system to function. This is because threats like the Rubina5 Ransomware need Windows to remain operational so that they can ask the victim for a ransom payment. The Rubina5 Ransomware searches the victim's PC for specific file types, which include:
.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
The Rubina5 Ransomware will work in the background to encrypt the victim's data, not alerting the victim of the attack until the victim's files have been made inaccessible.
How the Rubina5 Ransomware is Used to Generate Profits
After it finishes encrypting the victim's files, the Rubina5 Ransomware drops a text file named 'HOW_TO_DECRYPT_FILES.txt' on the victim's desktop. This text file contains the Rubina5 Ransomware's ransom note, which demands payment from the victims in exchange for the decryption key necessary to restore the affected files. The text of the Rubina5 Ransomware ransom note reads:
'Attention! All your files are encrypted!
To recover your files and access them,
send 0.015 Bitcoin (BTC) to the purse:
[33 RANDOM CHARACTERS]
For decoding please contact us by e-mail: s.holteman@aol.com
You have 5 attempts to enter the code. If this is exceeded
quantities, all data will irreversibly deteriorate. Be
careful when entering the code!'
Computer users should think carefully before contacting the people at the provided email address. The ransom payment, nearly 100 USD at the current exchange rate, does not guarantee that the victim will be able to restore the affected files. It is, in fact, just as likely that these people will demand a higher ransom payment or continue harassing the victim. Instead, they should take precautionary measures against the Rubina5 Ransomware and other ransomware Trojans.
Preventing a Rubina5 Ransomware Attack
The best protection against the Rubina5 Ransomware and similar threats is to have file backups in a highly protected location. Computer users that are wise enough to have file backups can recover their files after an attack. Apart from file backups, a security program suite should be used to prevent the Rubina5 Ransomware from being installed in the first place.
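To decide what needs restoring from backup, a responder can sweep a profile or file share for the two indicators named above: the '.rubina5' extension and the 'HOW_TO_DECRYPT_FILES.txt' note. The following Python sketch is an added example, not part of the original article or any EnigmaSoft tool. It assumes the marker is appended after the original extension, and the function names and sample files are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER_EXT = ".rubina5"                 # extension named in this article
NOTE_NAME = "HOW_TO_DECRYPT_FILES.txt"  # ransom note file name named in this article


def triage(root):
    """Walk root; return encrypted files, ransom notes and a count per original type."""
    encrypted, notes, by_type = [], [], Counter()
    # onerror: unreadable directories are skipped rather than aborting the sweep
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = Path(dirpath) / name
            if name.lower() == NOTE_NAME.lower():
                notes.append(path)
            elif name.lower().endswith(MARKER_EXT):
                encrypted.append(path)
                # Assumption: the marker is appended, so stripping it exposes
                # the original extension (report.docx.rubina5 -> .docx).
                original = Path(name[: -len(MARKER_EXT)])
                by_type[original.suffix.lower() or "(none)"] += 1
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "by_type": dict(by_type)}


def build_sample_tree(base):
    """Constructed sample data: a tiny profile with two affected files and a note."""
    (Path(base) / "Documents").mkdir(parents=True)
    (Path(base) / "Desktop").mkdir()
    for rel in ("Documents/report.docx.rubina5", "Documents/photo.JPG.RUBINA5",
                "Documents/untouched.txt", "Desktop/HOW_TO_DECRYPT_FILES.txt"):
        (Path(base) / rel).write_bytes(b"constructed sample")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample_tree(tmp))
        print(f"{len(result['encrypted'])} encrypted file(s), "
              f"{len(result['notes'])} ransom note(s)")
        for ext, count in sorted(result["by_type"].items()):
            print(f"  {ext}: {count}")
```

The per-type count shows which kinds of data were hit, which helps prioritize the restore order from backups.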