Rxx Ransomware Description
Rxx ransomware is a file-locking virus that affects Windows computers. What makes Rxx stand out is that it is a member of the Dharma ransomware family, which includes viruses such as YKUP and 8880. Much like other encrypting ransomware, Rxx encrypts the files on a computer with an algorithm that makes it impossible to access files. The virus will also attempt to delete any shadow volume copies on a computer, which will make restoring files even more difficult.
The ransomware is known to infect all versions of Windows. It runs through an executable file that scans files on the system looking for files it can encrypt. In particular, it looks for important documents, images, and videos. It targets specific file extensions including .doc and .pdf. When it detects a file it can encrypt, it changes the file extension to [firstname.lastname@example.org].rxx. This change makes it impossible to access and open the files.
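The renaming pattern described above gives responders a quick way to measure how far the encryption spread. The following is an added example, not code from the original page: it only reads file names, the `scan`, `summarize` and `demo` names are the example's own, and the contact address in the sample tree is constructed.

```python
import os
import re
import tempfile
from collections import Counter

# Suffix the page describes: a bracketed contact address followed by ".rxx".
RXX_SUFFIX = re.compile(r"\.?\[(?P<contact>[^\[\]\s]+@[^\[\]\s]+)\]\.rxx$", re.IGNORECASE)

def scan(root):
    """Walk root (read-only) and return one record per file carrying the suffix."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            m = RXX_SUFFIX.search(name)
            if m:
                hits.append({
                    "path": os.path.join(dirpath, name),
                    # Name with the appended suffix removed; anything else the
                    # malware inserted before the bracket is left in place.
                    "stem": name[:m.start()],
                    "contact": m.group("contact").lower(),
                })
    return hits

def summarize(hits):
    """Count affected files per directory, per contact address, per original extension."""
    by_dir = Counter(os.path.dirname(h["path"]) for h in hits)
    by_contact = Counter(h["contact"] for h in hits)
    by_ext = Counter(os.path.splitext(h["stem"])[1].lower() or "(none)" for h in hits)
    return by_dir, by_contact, by_ext

def demo():
    """Build a constructed sample tree (empty files, made-up names) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Documents"))
        for rel in ("Documents/report.doc.[contact@example.invalid].rxx",
                    "Documents/invoice.pdf.[contact@example.invalid].RXX",
                    "Documents/notes.txt",
                    "photo.jpg.[contact@example.invalid].rxx"):
            open(os.path.join(root, *rel.split("/")), "w").close()
        hits = scan(root)
        _by_dir, by_contact, by_ext = summarize(hits)
        return len(hits), dict(by_contact), dict(by_ext)

if __name__ == "__main__":
    print(demo())
```

Run `scan` against a mounted disk image or a share root to list affected paths before restoring from backup.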
Once it has finished encrypting everything, the virus creates a ransom note in infected folders. It also places one on the desktop. The ransom note reads as follows:
Rxx ransomware ransom note
YOUR FILES ARE ENCRYPTED
Don’t worry,you can return all your files!
If you want to restore them, follow this link:email email@example.com YOUR ID ********
If you have not been answered via the link within 12 hours, write to us by e-mail:firstname.lastname@example.org
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
When Did Rxx Appear?
The first cases of Rxx appeared around early March 2020. The virus hit English-speaking users in particular. It didn’t take long before it started to spread across the internet and infect users across the world, though. Now anyone can find themselves dealing with the ransom note seen above.
What Can I Do About an Rxx Infection?
Most people’s first instinct in this kind of situation would be just to pay the ransom. The cybercriminals don’t outright say how much the ransom demand is, but evidence has shown it can be up to several thousand dollars depending on the network and computer. The more information the attackers have, the more they will demand for it. They may also threaten to publish the information to the public if their demands aren’t met.
Security researchers consistently advise targets never to pay the ransom. There is no guarantee that the attacker will deliver the promised decryption key, that the key will work if they do, or that they won’t just infect your computer again. These viruses are programmed for persistence. Even if you think you’ve removed it, there could still be traces of it on your computer. Those traces are enough for a re-infection.
What you want to do is find a way to remove the Rxx ransomware safely. You may need the help of a specialized anti-malware tool to do that. If you’re having trouble finding, installing, and using a program because of the ransomware, you will have to restart your computer in Safe Mode With Networking.
Once you’ve taken steps to remove the virus, and verified it is gone, you can get to work on restoring your computer and files. If you have a backup, then it makes the process much easier. The threat of viruses and data loss is just one reason to keep backups. If you don’t have one, then all is not lost. There are several programs out there designed to find and restore lost files.
Prevention is Better Than the Cure
One thing to note with Rxx ransomware, and indeed any other kind of ransomware, is that prevention will always be better than the cure. Take steps to protect yourself online and reduce the risk of infection. It’s much easier than trying to remove Rxx ransomware and restore files.