A new version of Rijndael, also known as DN Ransomware, has recently been spotted in the wild. The threat is a crypto virus that employs the Rijndael block cipher to encrypt certain file types and restrict their regular usage. All corrupted files receive the malicious extension .fucked, and the hackers demand a ransom of 0.5 BTC for the decryption key. Do not believe the criminals; the decryptor for the previous ransomware variant is not working. Keep reading to save your PC and data.
Rijndael Ransomware Impact
The third name of Rijndael is Ransom by humanpuff69. It is known that an executable file, Rijndael.exe, is used to start the infection process. Once the malicious file is running on the computer, Rijndael ransomware accesses all target folders and Windows registry entries in order to carry out the attack. It can create and read files and modify system settings during the infection.
Its primary purpose is to scan all drives for the target file types listed in its encoding set. When it detects a file type match, the ransomware uses the Rijndael algorithm to encode the file, which makes it inaccessible, and appends the suffix .fucked as a new file extension. Commonly used files that contain critical information, such as documents, text files, MS Office files, PDFs, images, videos, music, archives and others, are most likely to be encrypted by Rijndael ransomware and receive the .fucked extension.
Finally, Rijndael ransomware displays a window on the desktop that shows the message left by the crooks and provides a field where you can enter the decryption key. The whole text reads as follows:
Your Computer files is encrypted all files is encrypted with extremely powerfull new RIJNDAEL encryption that no one can break except you have a private string and IVs
To Decrypt Your File You Should Pay Me 0.5 BTC (864.98 USD)
Contact Me : [email protected]
insert your code here:
[Decrypt!] – button
The analysis of its samples reveals that it is designed to modify proxy settings and read information about the supported languages. It is most likely to target English speakers; however, presumably it may try to spoof PC users worldwide.
Methods of Distribution
The infection may be triggered with the help of a Trojan dropped on the computer. Hackers are most likely to distribute the malicious software via spam email campaigns. This method allows them to impersonate legitimate sources in order to trick users into clicking a link or downloading an attached file. These two components may cause an infection with Rijndael ransomware. A link’s destination will probably be a web page with compromised source code. Thus the malicious code injected by the hackers will trigger an unnoticeable download of all ransomware payloads. Once they are on the PC, the infection process starts automatically. The file attachments may be documents, PDF files or archives with abused content. The infection can begin when the malicious file is opened.
Social networks and other types of file-sharing networks may also be used by cyber criminals as a means of disseminating Rijndael ransomware.
It is also possible to get a ransomware infection after you download freeware from shady websites. The bundling technique allows criminals to conceal the malicious code and make you feel like the content is safe.
Remove Rijndael Ransomware and Decrypt .Fucked Files
First, you need to ensure that the system is malware free. Otherwise, Rijndael will repeatedly encrypt your records. A reliable antivirus solution can do this for you.
Then you need to create reserve copies of the encrypted files. Otherwise, the files may be damaged during the decryption process.
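One way to make those reserve copies, as an added example that is not part of the original guide or of any tool it mentions: the script copies every file with the .fucked extension into a separate folder, keeps the folder layout, and records a SHA-256 for each copy so a damaged file can be detected after a decryption attempt. The function names and the manifest.json file name are assumptions made for this example.

```python
import hashlib
import json
import shutil
from pathlib import Path

ENCRYPTED_SUFFIX = ".fucked"  # extension this page says the ransomware appends


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large videos or archives do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup_encrypted_files(source_root, backup_root):
    """Copy every *.fucked file under source_root to backup_root, verified by SHA-256."""
    source_root = Path(source_root).resolve()
    backup_root = Path(backup_root).resolve()
    manifest = []
    for path in sorted(source_root.rglob("*")):
        # Skip folders and symlinks; only regular files are copied.
        if path.is_symlink() or not path.is_file():
            continue
        # Skip earlier backups and files that do not carry the extension.
        if backup_root in path.parents or path.suffix.lower() != ENCRYPTED_SUFFIX:
            continue
        relative = path.relative_to(source_root)
        target = backup_root / relative
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)  # copy2 also keeps the timestamps
        original_hash = sha256_of(path)
        if sha256_of(target) != original_hash:
            raise IOError(f"copy of {path} does not match the original")
        manifest.append({"file": relative.as_posix(),
                         "size": path.stat().st_size,
                         "sha256": original_hash})
    backup_root.mkdir(parents=True, exist_ok=True)
    (backup_root / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # usage: <folder to scan> <backup folder>
        print(len(backup_encrypted_files(sys.argv[1], sys.argv[2])), "files copied")
```

Point the second argument at an external drive that is connected only for the duration of the backup.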
The good news is that the malware researcher Michael Gillespie has created a decryption tool that can help you to restore .fucked files after the removal. You can download it from the following link: StupidDecrypter
Summary of Rijndael Ransomware
Name | Rijndael Ransomware
File Extension | .fucked
Ransom | 0.5 BTC
Easy Solution | You can skip all steps and remove Rijndael ransomware with the help of an anti-malware tool.
Manual Solution | Rijndael ransomware can be removed manually, though it can be very hard for most home users. See the detailed tutorial below.
Distribution | Spam emails, malicious URLs, malicious attachments, exploit kits, freeware.
Rijndael Ransomware Removal
STEP I: Start the PC in Safe Mode with Networking
This will isolate all files and objects created by the ransomware so they will be removed efficiently.
1) Hit WIN Key + R
2) A Run window will appear. In it, write “msconfig” and then press Enter
3) A Configuration box will appear. In it, choose the tab named “Boot”
4) Mark the “Safe Boot” option, then tick “Network” under it
5) Apply -> OK
Or check our video guide – “How to start PC in Safe Mode with Networking”
STEP II: Show Hidden Files
1) Open My Computer/This PC
2) Windows 7
– Click on “Organize” button
– Select “Folder and search options”
– Select the “View” tab
– Go under “Hidden files and folders” and mark “Show hidden files and folders” option
3) Windows 8/10
– Open “View” tab
– Mark “Hidden items” option
4) Click “Apply” and then “OK” button
STEP III: Enter Windows Task Manager and Stop Malicious Processes
1) Hit the following key combination: CTRL+SHIFT+ESC
2) Go to the “Processes” tab
3) When you find a suspicious process, right-click on it and select “Open File Location”
4) Go back to Task Manager and end the malicious process. Right-click on it again and choose “End Process”
5) Next, go to the folder where the malicious file is located and delete it
STEP IV: Remove Completely Rijndael Ransomware Using SpyHunter Anti-Malware Tool
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
STEP V: Repair Windows Registry
1) Press the Windows Button + R key combination again
2) In the box, write “regedit” (without the inverted commas) and hit Enter
3) Press CTRL+F and then write the malicious name in the search field to locate the malicious executable
4) If you discover registry keys and values related to the name, delete them, but be careful not to delete legitimate keys
Further help for Windows Registry repair
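A read-only way to review matches before deleting anything, as an added example that is not part of the original guide: the script searches a registry export (regedit, File > Export) for the name and also decodes values that regedit writes as hex, which a plain text search of the exported file would miss. The function names, the sample key and the sample paths are placeholders constructed for this example, not indicators observed for this ransomware; only the file name Rijndael.exe comes from this page.

```python
import re

ENTRY = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"=data or @=data
HEX_TEXT = re.compile(r"hex\([127]\):(.*)")  # string types exported as hex


def decode_data(raw):
    """Turn one side of a .reg entry into searchable text."""
    match = HEX_TEXT.fullmatch(raw)
    if match:  # comma-separated UTF-16LE bytes, NUL-terminated
        data = bytes(int(b, 16) for b in match.group(1).split(",") if b)
        return data.decode("utf-16-le", errors="replace").replace("\x00", " ").strip()
    if raw.startswith('"'):  # REG_SZ: strip the quotes, undo \\ and \" escapes
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    return raw  # dword and binary values are left as exported


def find_references(reg_text, needle):
    """Return (key, value name, data) for each entry that mentions needle."""
    needle = needle.lower()
    joined = re.sub(r",\\\r?\n[ \t]*", ",", reg_text)  # join hex continuation lines
    hits, key = [], None
    for line in map(str.strip, joined.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        entry = ENTRY.match(line)
        if not entry or key is None:
            continue
        name = "(Default)" if entry.group(1) == "@" else decode_data(entry.group(1))
        data = decode_data(entry.group(2))
        if needle in name.lower() or needle in data.lower():
            hits.append((key, name, data))
    return hits


def _hex_expand_sz(text):  # builds the sample's hex(2) entry, split over two lines
    octets = ",".join(f"{b:02x}" for b in (text + "\0").encode("utf-16-le"))
    return "hex(2):" + octets[:30] + "\\\n  " + octets[30:]


# Constructed sample export; the key and paths are placeholders, not observed IoCs.
SAMPLE_EXPORT = (
    "Windows Registry Editor Version 5.00\n\n"
    "[HKEY_CURRENT_USER\\Software\\EXAMPLE-PLACEHOLDER]\n"
    '"Viewer"="C:\\\\Program Files\\\\Viewer\\\\viewer.exe"\n'
    '"Helper"="\\"C:\\\\EXAMPLE\\\\Rijndael.exe\\" /start"\n'
    '"Task"=' + _hex_expand_sz("%EXAMPLE%\\rijndael.exe") + "\n"
)
```

Files exported by regedit are UTF-16, so read a real export with `open(path, encoding="utf-16").read()` before passing it to `find_references`.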
STEP VI: Recover Encrypted Files
1) Use present backups
2) Use professional data recovery software
– Stellar Phoenix Data Recovery – a specialist tool that can restore partitions, data, documents, photos, and 300 more file types lost during various types of incidents and corruption.
3) Use a System Restore point
– Hit WIN Key
– Select “Open System Restore” and follow the steps
4) Restore your personal files using File History
– Hit WIN Key
– Type “restore your files” in the search box
– Select “Restore your files with File History”
– Choose a folder or type the name of the file in the search bar
– Hit the “Restore” button
STEP VII: Preventive Security Measures
1) Enable and properly configure your Firewall.
2) Install and maintain reliable anti-malware software.
3) Secure your web browser.
4) Check regularly for available software updates and apply them.
5) Disable macros in Office documents.
6) Use strong passwords.
7) Don’t open attachments or click on links unless you’re certain they’re safe.
8) Back up your data regularly.