Ruby Ransomware

By GoldSparrow in Ransomware

The Ruby Ransomware is an encryption Trojan used to extort computer users. It is one of the countless ransomware Trojans built on HiddenTear, the open source ransomware project released in the summer of 2015 that has since spawned numerous variants. The Ruby Ransomware was first observed in late spring 2017 and currently appears to be in a testing phase.

The Ruby Ransomware Pretends to be a Game to Induce Its Victims to Download It

The Ruby Ransomware is distributed in the same way as other recently released Trojans such as the Click Me Ransomware: it is advertised as a game. Most ransomware Trojans are distributed through corrupted email attachments or by breaking into victims' computers directly. The Ruby Ransomware, by contrast, is delivered as an application named 'Ruby.' The computer user is asked to click on two buttons, and doing so results in the encryption of their data. This is the same 'game' tactic used by Click Me and similar ransomware Trojans. The Ruby Ransomware appears in the Windows Task Manager as 'ruby.exe.'

How the Ruby Ransomware Encryption Process Works

The Ruby Ransomware displays a small window on the infected computer that reads 'Welcome to the Ruby Ransomware.' The window contains two buttons. The first, labeled 'CLICK HERE FOR PREMIUM KNOWLEDGE,' starts the encryption routine, which makes the infected computer's files inaccessible. During encryption, the Ruby Ransomware targets user-generated files, which may include text files, media files, images, databases and documents produced by software such as Microsoft Office, Adobe Photoshop and LibreOffice. After encrypting the victim's files, the Ruby Ransomware plays a sound notification, and the victim is then prompted to click the button marked 'CLICK FOR IDENTIFIER,' which displays a new message reading 'This is your system identifier, it has been copied to your clipboard!.' Clicking OK displays a further message: 'Check desktop for rubyLeza.html and Read it carefully for instructions.' The HTML file named in this message contains instructions on how to purchase Bitcoin and pay the Ruby Ransomware ransom. Files encrypted by the Ruby Ransomware are renamed by appending the extension '.ruby' to the original file name, so 'budget.xlsx' becomes 'budget.xlsx.ruby'.
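The three indicators named above (the appended '.ruby' extension, the 'rubyLeza.html' note on the desktop and the 'ruby.exe' process name) are enough for a quick host triage sweep. The following script is an added example written for this page, not code from the Ruby Ransomware author or from any security vendor; it builds a small constructed directory tree and a constructed process list to run against, so the file names and paths are fabricated. It requires at least two independent indicators before flagging a host, because a lone '.ruby' file can have a legitimate explanation.

```python
"""Host triage sweep for the Ruby Ransomware indicators in the write-up above.

Added example; the sample tree and process list are constructed, not real captures.
Indicators taken from the write-up: files renamed with '.ruby', the note
'rubyLeza.html' on the desktop, and a process named 'ruby.exe'.
"""
from __future__ import annotations

import os
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

ENCRYPTED_EXT = ".ruby"
RANSOM_NOTE = "rubyLeza.html"
PROCESS_NAME = "ruby.exe"


@dataclass
class TriageResult:
    encrypted_files: list[str] = field(default_factory=list)
    ransom_notes: list[str] = field(default_factory=list)
    suspicious_processes: list[str] = field(default_factory=list)

    @property
    def infected(self) -> bool:
        # Require two independent indicator types, so one stray '.ruby' file
        # (or an unrelated program called ruby.exe) does not trip the verdict.
        hits = sum(
            bool(x)
            for x in (self.encrypted_files, self.ransom_notes, self.suspicious_processes)
        )
        return hits >= 2


def sweep(root: Path, processes: list[str]) -> TriageResult:
    """Walk `root` for encrypted files and ransom notes; match `processes` by name."""
    result = TriageResult()
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            rel = (Path(dirpath) / name).relative_to(root).as_posix()
            if name.lower().endswith(ENCRYPTED_EXT):
                result.encrypted_files.append(rel)
            elif name == RANSOM_NOTE:
                result.ransom_notes.append(rel)
    for proc in processes:
        if proc.lower() == PROCESS_NAME:
            result.suspicious_processes.append(proc)
    return result


def original_name(encrypted: str) -> str:
    """The Trojan appends '.ruby' to the full original name, so stripping it
    recovers the original file name for restore-from-backup planning."""
    if encrypted.lower().endswith(ENCRYPTED_EXT):
        return encrypted[: -len(ENCRYPTED_EXT)]
    return encrypted


def build_sample_tree() -> Path:
    """Constructed sample tree mimicking a user profile after an attack."""
    root = Path(tempfile.mkdtemp(prefix="ruby_triage_"))
    (root / "Documents").mkdir()
    (root / "Desktop").mkdir()
    (root / "Documents" / "budget.xlsx.ruby").write_bytes(b"\x00" * 16)
    (root / "Documents" / "notes.txt.ruby").write_bytes(b"\x00" * 16)
    (root / "Documents" / "readme.txt").write_text("untouched\n")
    (root / "Desktop" / RANSOM_NOTE).write_text("<html>constructed note</html>\n")
    return root


# Constructed process list; only the last entry matches the indicator.
SAMPLE_PROCESSES = ["explorer.exe", "svchost.exe", "ruby.exe"]


if __name__ == "__main__":
    res = sweep(build_sample_tree(), SAMPLE_PROCESSES)
    print("encrypted:", res.encrypted_files)
    print("notes:", res.ransom_notes)
    print("processes:", res.suspicious_processes)
    print("verdict:", "INFECTED" if res.infected else "clean")
    for f in res.encrypted_files:
        print(f"  {f} -> restore {original_name(Path(f).name)} from backup")
```

On a real host you would point `sweep` at the user profile directory and feed it the current process list (for example from `tasklist` on Windows); the extension match is case-insensitive because Windows file names are.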

Some Details of the Ruby Ransomware Infection

It is clear that the Ruby Ransomware is still in a testing phase, and future versions are likely to alter the attack to make it more effective and harder to avoid. Although the delivery method is unusual, which may be due to the test nature of this version or to the Ruby Ransomware being an alternate build of a different threat, it does carry out a working ransomware attack. The Ruby Ransomware makes the affected files inaccessible and, as with most ransomware Trojans active currently, they should be treated as not recoverable without the key. One caveat worth checking before writing the data off: HiddenTear-derived builds have in a number of cases proven decryptable because of weaknesses in how the open source base generates its keys, so victims should look for a published decrypter for this variant before concluding their files are lost.

Protecting Your Computer from Trojans Like the Ruby Ransomware

The best protection against ransomware Trojans like the Ruby Ransomware is to have file backups, kept offline or otherwise out of reach of the infected machine so that the Trojan cannot encrypt them too. While an updated security program is a necessary part of protecting your computer from threats, including other infections, file backups are what actually recover data that would otherwise be lost in a Ruby Ransomware attack. Paying the ransom is not a good idea: it funds the creation of more threats, and the con artists may ignore the payment or even reinfect the victim's computer after it has been made. Instead, remove the Ruby Ransomware with a reliable security program and restore the affected files from a backup copy.