RURansom Ransomware

The vast majority of ransomware threats are deployed by financially-motivated threat actors, who want to earn profits by extorting their victims for money. As such, malware threats in this category are designed specifically to affect as many important file types as possible and render them completely unusable via a strong encryption process. In these instances, it is important for the hackers to be able to restore all affected data because, otherwise, the victims will have no incentive to pay up. However, the RURansom Ransomware threat is different.

It too is equipped with encryption capabilities that utilize a military-grade cryptographic algorithm. The goal of its operators is not the take advantage of its victims for their own benefit. Indeed, according to the ransom note that the threat drops on the breached systems, the attackers have released the RURansom Ransomware as a response to the Russian invasion of the country of Ukraine. They outline their motives in a message found inside text files named 'Полномасштабное_кибервторжение.txt' that will be created on the desktop of the system, as well as inside numerous folders.

According to the findings of the cybersecurity experts, some RURansom Ransomware versions scan the IP address of systems they have infiltrated to ascertain if the machine is located in Russia. Only upon a positive match would the threat continue with its threatening programming. To maximize the damage it inflicts, RURansom also deletes backup files with the '.bak' file extension. Another peculiar characteristic is that the threat doesn't modify the names of the files it encrypts.

The entire message delivered by RURansom Ransomware in its original Russian is:

'24 февраля президент Владимир Путин объявил войну Украине.
Чтобы противостоять этому, я, создатель RU_Ransom, создал эту вредоносную программу для нанесения ущерба России. Вы купили это себе, господин президент.
Нет никакого способа расшифровать ваши файлы. Никакой оплаты, только ущерб. И да, это "миротворчество", как это делает Влади Папа, убивая невинных мирных жителей
И да, это было переведено с бангла на русский с помощью Google Translate…'