Beware! Rar Ransomware is Not an Archive Utility

Rar ransomware is the name of a new strain of ransomware discovered in the wild that belongs to the VoidCrypt family of variants. As the name suggests, the ransomware uses the ".rar" extension as part of the changes it makes to encrypted file names.

Despite its extension, files encrypted by the ransomware will not be openable, as they are not valid archive files, even though they use the popular compressed file .rar extension.

The ransomware renders encrypted files unreadable and appends a complex new extension to them. A file named "image.png" will turn into "image.png.[victim ID](spystar1@onionmail.org).Rar" upon encryption.

The ransom note is dropped inside a file named "Read.txt", which is placed on the desktop. The full ransom note is as follows:

All your files have been encrypted. If you want to restore them, write us to the e-mail:spystar1 at onionmail dot com

Write this ID in the title of your message -

You can also write us using this Telegram Username: @Rar_support

Do not rename encrypted files.

Do not try to decrypt your data using third-party software and sites. It may cause permanent data loss.

The decryption of your files with the help of third parties may cause increased prices (they add their fee to our), or you can become a victim of a scam.

November 8, 2022
Loading...

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.