Home Malware Programs Ransomware Rijndael Ransomware

Rijndael Ransomware

Posted: April 4, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 11
First Seen: April 4, 2017
OS(es) Affected: Windows


The Rijndael Ransomware is an update of the DNRansomware, which locks your screen with ransom demands that it motivates by blocking your files with a cipher. Any users needing to recover their data should look to free decryption solutions or backups while following this article's recommendations for unlocking their screens. Various anti-malware products also can provide protection that removes the Rijndael Ransomware before any encryption begins.

A River's Worth of Encryption Problems

The now rarely-used name of Rijndael, the alternative label for the AES encryption standard, is a Dutch play on the words referencing the river Rhine ('rijn') and a valley ('dael'). Now, an update to the DNRansomware campaign is including references to the Rijndael standard in its ransoming messages, along with supposed improvements to the encryption attack. Whether the extortionists are using the Rijndael label out of familiarity for its Dutch origins, or for confusing its victims, malware experts find the threat no stronger than past versions of the DNRansomware.

Instead of targeting Chrome users, the Rijndael Ransomware installs itself by appealing to individuals interested in generating Bitcoins through a specialized mining application. After installing through the fake Bitcoin miner, the Rijndael Ransomware can encrypt documents, archives, and other media or any immediate symptoms automatically. The Trojan uses an AES algorithm for this purpose and appends the '.fucked' extension to the names (also a symptom of other threats, such as the EnkripsiPC Ransomware).

Malware experts also conclude that the Rijndael Ransomware is one of an increasing number of file-encrypting Trojans that disable the victim's desktop accessibility by loading a non-minimizing pop-up. The Rijndael Ransomware's screen-locker includes an adjustable e-mail address, for contacting its author, humanpuff69, and entering into ransom negotiations for the decryptor. He asks for 0.5 Bitcoins currently, equal to roughly 567 USD, which the victim can't refund if he chooses not to provide the decryption service.

Damming Up a Threat Actor's Flow of Ransoms

Honesty isn't a quality in high demand to people engaging in cyber extortion, and the Rijndael Ransomware shows many of the characteristic traits of hoax-based Trojans, including exaggerating the quality of its encryption. Other companies have updated their free decryption software to be compatible with any media that the Rijndael Ransomware locks, which gives victims without the wisdom to back up their files another way out. Backing up content to an isolated drive or server is highly recommended by malware experts to keep threats like the Rijndael Ransomware from forcing you into paying their ransoms for the chance of recovering your files.

Just like the DNRansomware, the Rijndael Ransomware uses a hard-coded unlocking mechanism that remains consistent between separate infections. Current versions of the Rijndael Ransomware use the '83KYG9NW-3K39V-2T3HJ-93F3Q-GT' key to unlock their pop-ups. However, users should run anti-malware tools to disinfect their PCs and contain or delete the Rijndael Ransomware safely as soon as possible afterward.

Con artists are students of human nature just as much as any philosopher and understand that the drive to make money out of nothing from a Bitcoin miner is a powerful incentive for installing unknown software. Give your security tools a chance to analyze these downloads, and you may be saving your files from a fate even more expensive than the Rijndael Ransomware's attacks.

Loading...