
Rsalive Ransomware

Posted: August 1, 2019

The Rsalive Ransomware is a file-locking Trojan that can encrypt your media files with an AES algorithm that keeps them from opening. Besides non-working documents, pictures, etc., symptoms can include the addition of Trojan-specific extensions to filenames, deleted backups, and unsafe changes to your security settings. Keep your anti-malware products ready for removing the Rsalive Ransomware appropriately and have backups for free data recovery.

Incoming Two Hundred Dollar 'Security Problems'

The Scarab Ransomware, a dual-language family of extortionist Trojans, remains a competitor in the field of file-locking attacks this year. Russian cyber-security researchers are confirming another addition to the already-crowded English half of this family. For now, malware researchers see no profit in the wallet of the Rsalive Ransomware, which depends on Bitcoins for its illegal livelihood.

It's much newer than ancestors like the Recry1 Ransomware, the Scarabey Ransomware, the Scarab-Recovery Ransomware, or the Scarab-DD Ransomware, but the Rsalive Ransomware's modus operandi is identical. It encrypts media on your computer with a secure implementation of AES (Rijndael) and tags the files' names with additional extension information, including 'rsalive' strings. Along the way, it issues a shell command that removes the Shadow Volume Copies, which could otherwise help Windows users recover their data.
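Defender-side detection logic for the two behaviours just described (shadow-copy deletion via a shell command, and file names tagged with 'rsalive'), as an added example that is not part of this write-up. It runs over constructed Sysmon-style events and assumes the usual vssadmin/wmic forms of shadow-copy deletion, since the page does not quote the Trojan's exact command.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed Sysmon-style events (EventID 1 = process creation,
# EventID 11 = file creation); sample data, not logs from a real infection.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin.exe delete shadows /all /quiet",
     "ParentImage": r"C:\Users\bob\AppData\Local\Temp\update.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin list shadows",          # benign: listing only
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 11, "Image": r"C:\Users\bob\AppData\Local\Temp\update.exe",
     "TargetFilename": r"C:\Users\bob\Documents\report.docx.rsalive"},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\bob\Documents\notes.txt"},
]

# Typical shadow-copy deletion command forms (assumption: the write-up does
# not quote the exact command Rsalive issues).
SHADOW_DELETE = [
    re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I),
    re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I),
]
# The write-up says the added extension contains 'rsalive' strings.
RSALIVE_EXT = re.compile(r"\.[^.\\]*rsalive[^.\\]*$", re.I)


def classify(ev: Dict) -> List[str]:
    """Return indicator tags for a single event."""
    tags = []
    if ev.get("EventID") == 1 and any(p.search(ev.get("CommandLine", "")) for p in SHADOW_DELETE):
        tags.append("shadow_copy_deletion")
    if ev.get("EventID") == 11 and RSALIVE_EXT.search(ev.get("TargetFilename", "")):
        tags.append("rsalive_extension")
    return tags


def suspect_processes(events: List[Dict]) -> Dict[str, set]:
    """Attribute each indicator to the process responsible: the parent that
    spawned vssadmin/wmic for deletions, the writer for tagged files."""
    seen = defaultdict(set)
    for ev in events:
        for tag in classify(ev):
            owner = ev["ParentImage"] if tag == "shadow_copy_deletion" else ev["Image"]
            seen[owner.lower()].add(tag)
    return seen


def likely_file_lockers(events: List[Dict]) -> List[str]:
    """Processes showing both behaviours: raise a high-confidence alert."""
    return sorted(p for p, tags in suspect_processes(events).items() if len(tags) == 2)
```

Either indicator alone deserves a look, but a single process that both deleted shadow copies and wrote 'rsalive'-tagged files is the pattern worth alerting on immediately.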

The other symptom that victims are likely to notice is its ransom note, which the Trojan bases on a template that malware experts see in most versions of the family. The message describes the attack as a 'security problem' and asks for two hundred USD, in Bitcoins, for recovering your files. Victims should be wary of paying, which may not help with recovery at all, but free decryption for the Rsalive Ransomware's family is limited in availability and effectiveness.

Keeping the Rsalive Ransomware's Profits from Coming Alive

Some versions of Ransomware-as-a-Service (or RaaS) threats use indiscriminate, general-purpose infection methods, such as torrents and compromised ad networks on adult websites. Others arrive over e-mail phishing attacks. For most users, abiding by common-sense precautions like ignoring illicit download links, scanning new files, and disabling features like JavaScript will suffice to keep them out of danger from the Rsalive Ransomware's campaign.

Network administrators have additional responsibilities for avoiding file-locking attacks, however. Out-of-date software can be a haven for vulnerabilities, and threat actors often brute-force credentials or take advantage of exposed RDP services. Correcting these issues and maintaining rigorous backups will protect your servers' contents from the Rsalive Ransomware's locking attempts.

Decryption is, as usual, not easily or freely available for most versions of the Scarab Ransomware. Anti-malware programs can, at a minimum, compensate by removing the Rsalive Ransomware immediately or disinfecting a system to halt the attacks.

The Rsalive Ransomware might be alive, but its Bitcoin wallet is at zero. Victims should keep it in that state, assuming they don't want to see more Trojans just like it, in this high-turnover industry.
