
Rubina5 Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 6,824
Threat Level: 80 % (High)
Infected Computers: 941
First Seen: October 30, 2017
Last Seen: September 16, 2023
OS(es) Affected: Windows

The Rubina5 Ransomware is an encryption ransomware Trojan that was first observed on October 26, 2017. The Rubina5 Ransomware is easy to identify because it encrypts the victim's files and adds the file extension '.rubina5' to each affected file's name. This behavior is typical of these infections, which encrypt the PC user's files with a strong encryption algorithm and then demand a ransom payment from the victim. PC security researchers suspect that the Rubina5 Ransomware may be related to previously released ransomware Trojans, although the group currently carrying out the Rubina5 Ransomware attacks seems to be acting independently.

How the Rubina5 Ransomware Attack is Carried Out

Victims of the Rubina5 Ransomware receive a spam email message that includes a file attachment. These attachments may use malicious macro scripts to download and install the Rubina5 Ransomware onto the victim's computer. Once installed, the Rubina5 Ransomware uses an effective encryption technique to make the victim's files inaccessible. The Rubina5 Ransomware targets user-generated files, such as images, databases, configuration files, audio, video and office documents, while leaving intact the files that the Windows operating system needs to function. This is because threats like the Rubina5 Ransomware need Windows to remain operational so that they can ask the victim for a ransom payment. The Rubina5 Ransomware searches the victim's PC for specific file types, which include:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

The Rubina5 Ransomware will work in the background to encrypt the victim's data, not alerting the victim of the attack until the victim's files have been made inaccessible.

How the Rubina5 Ransomware is Used to Generate Profits

After it finishes encrypting the victim's files, the Rubina5 Ransomware drops a text file named 'HOW_TO_DECRYPT_FILES.txt' on the victim's desktop. This file contains the Rubina5 Ransomware's ransom note, which demands payment from the victims in exchange for the decryption key necessary to restore the affected files. The text of the Rubina5 Ransomware ransom note reads:

'Attention! All your files are encrypted!
To recover your files and access them,
send 0.015 Bitcoin (BTC) to the purse:
[33 RANDOM CHARACTERS]
For decoding please contact us by e-mail: s.holteman@aol.com
You have 5 attempts to enter the code. If this is exceeded
quantities, all data will irreversibly deteriorate. Be
careful when entering the code!'

Computer users should think carefully before contacting the people at the provided email address. The ransom payment, nearly 100 USD at the current exchange rate, does not guarantee that the victim will be able to restore the affected files. It is, in fact, just as likely that these people will demand a higher ransom payment or continue harassing the victim. Instead, they should take precautionary measures against the Rubina5 Ransomware and other ransomware Trojans.

Preventing a Rubina5 Ransomware Attack

The best protection against the Rubina5 Ransomware and similar threats is to have file backups in a highly protected location. Computer users that are wise enough to have file backups can recover their files after an attack. Apart from file backups, a security program suite should be used to prevent the Rubina5 Ransomware from being installed in the first place.
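
To scope which files need restoring from backup after an incident, the two on-disk indicators named on this page (the '.rubina5' extension and the 'HOW_TO_DECRYPT_FILES.txt' note) can be searched for directly. The Python script below is an added example, not part of the original report; the function name `scan_for_rubina5` is hypothetical, and it assumes the extension is appended to the full original file name (for example `report.docx.rubina5`).

```python
import os
from collections import Counter

ENCRYPTED_EXT = ".rubina5"                 # extension named on this page
RANSOM_NOTE = "HOW_TO_DECRYPT_FILES.txt"   # note file name named on this page


def scan_for_rubina5(root):
    """Walk `root` and collect the two indicators described on this page.

    Returns a dict with:
      encrypted - paths whose name ends in .rubina5 (case-insensitive)
      notes     - paths of ransom-note files
      by_type   - Counter of original extensions (assumption: the malware
                  appends .rubina5 to the full original file name)
      skipped   - directories that could not be read
    """
    encrypted, notes, skipped, by_type = [], [], [], Counter()

    def on_error(err):
        # Unreadable directories are recorded instead of aborting the scan.
        skipped.append(err.filename)

    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == RANSOM_NOTE.lower():
                notes.append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                # Strip the appended extension to recover the original type.
                original = name[: -len(ENCRYPTED_EXT)]
                ext = os.path.splitext(original)[1].lower() or "(none)"
                by_type[ext] += 1
                encrypted.append(path)
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "by_type": by_type, "skipped": skipped}


if __name__ == "__main__":
    import sys
    result = scan_for_rubina5(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{len(result['encrypted'])} encrypted file(s), "
          f"{len(result['notes'])} ransom note(s)")
    for ext, count in result["by_type"].most_common():
        print(f"  {ext}: {count}")
```

The per-extension tally shows which kinds of data were hit, which helps decide which backup sets to restore first.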
