A new ransomware known as RarVault has started infecting users. The virus mainly targets Russian-speaking victims, though it can spread to anyone on the web. The virus claims to use the AES-256 encryption algorithm. What’s untypical about RarVault is that the virus archives the files it encrypts. The ransomware scammers demand payment of 1 to 50 BitCoin for the decryption of the infected files. 1 BTC is about $600.
RarVault Ransomware Virus
RarVault isn’t your typical ransomware when it comes to encryption, but It does use the most common way of virus distribution – infected email spam. Crooks send people legitimate looking email. If they’re opened, a malicious attachment may be downloaded. That will start the infection. The emails are written in Russian.
RarVault Ransomware Virus- More Details
The ransomware likely uses the strong AES-256 encryption. It moves all encrypted files in a RAR archive that’s locked. The key to the locked files is 127 characters long and contains symbols from 2 languages. The crooks want victims to contact them to negotiate a price for the decryption. Infected users should send the crooks some of the files. The ransomwared PC will have a text message on it, saying:
Ваши документы и файлы были перемещены в архив
Для их восстановить их необходимо Ваш получить пароль
Перейдите на наш сайт:
hXXp://RarVault.myfreesites(dot)net/
Напишете нам писмо:
RarVault@ruggedinbox.com
Here’s a Translation in English:
Your documents and files have been moved to the archive
To restore them you should get your password
Go to our website:
hXXp://RarVault.myfreesites (dot) net /
Write us a letter:
RarVault@ruggedinbox.com
The site given in the ransomware note looks like this:
Once the system is infected, it’s also scanned by the ransomware to find particular files to encrypt. The files types are often:
- Videos
- Documents
- Music and other audio files
- Files from popular programs
The crooks target these files as they’re most likely to be important to the infected users. Thus they’ll want to get them back.
RarVault Ransomware Virus – Conclusion
The RAR archive tactic that the RarVault ransomware uses is untypical, as these viruses usually encrypt all files one by one. The 127 character password is very hard to crack. It would take specialized hardware and a few hundred years of work to crack it completely. The ransom sum that the cyber scammers are asking for is huge, 1-50 BTC. It’s probably a ploy to scare victims into paying a larger ransom, as nobody would pay 50 BTC, which is around 30, 000 dollars.
If you ask any cyber security expert, the chances are that he’ll advise you against paying the sum that the crooks demand, no matter how big or small it is. There isn’t a guarantee that the crooks would even look at your files, they can just put the money in their pockets and leave your computer locked. It’s not an uncommon occurrence. It’s always best to search for alternative ways to escape the ransomware trap, like removing it manually, or waiting for a decryptor.