RSAUtil Ransomware
Posted: May 3, 2017
Threat Metric
The fields listed on the Threat Meter, each carrying a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, shown as an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change in a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Field | Value |
|---|---|
| Threat Level | 10/10 |
| Infected PCs | 48 |
| First Seen | May 3, 2017 |
| Last Seen | May 20, 2018 |
| OS(es) Affected | Windows |
The RSAUtil Ransomware is a Trojan that blocks access to your files by encrypting them, then drops messages demanding payment to restore them. Paying that extortionist ransom is, at best, an uncertain recovery tactic. For more dependable protection of your data, malware experts recommend backing up your drive routinely and keeping anti-malware products on hand to quarantine or delete the RSAUtil Ransomware.
The Trojan from Delphi Prophesying Profits
Delphi isn't the most-favored language for writing threatening software, but it is enjoying a minor heyday among encryption-oriented threats such as the Telecrypt Ransomware, the Amnesia Ransomware, the Extractor Ransomware, and the newly identified RSAUtil Ransomware. While the RSAUtil Ransomware shares some visible features with the Crysis Ransomware family, malware experts assess it as an unrelated Trojan, which may give victims new options for recovering the files it damages.
Distribution routes for this Trojan's campaign have not been identified to date, although malware experts did verify that the RSAUtil Ransomware uses DLL injection to launch itself automatically. Some variants also deliberately use misleading filenames to disguise their components as parts of Windows, such as svchost.exe; a process by that name running from somewhere other than the Windows system directory, or without the Windows service controller as its parent, is a quick sign that something is wrong. Once running, the RSAUtil Ransomware begins encrypting local media such as pictures, spreadsheets and documents.
Malware experts aren't seeing the RSAUtil Ransomware break any new ground with its nonetheless effective encryption routine, which uses a derivative of the AES cipher. Alongside encrypting your media, the RSAUtil Ransomware renames each file to include the remote attacker's e-mail address (for ransom communications) and the system's ID number, in a format that closely resembles the Crysis Ransomware family's.
The RSAUtil Ransomware's authors ask victims to pay an unspecified amount in Bitcoins; the cryptocurrency gives the extortionist pseudonymity while giving the one paying no recourse if the files are never restored.
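The renaming scheme described above is what an incident responder sees first on an affected machine. The following is an added triage example, not code from the original page or from the ransomware's authors: it scans a list of file paths for names carrying an appended bracketed e-mail address and an `id-`-style victim token, recovers the likely original filename, and groups the hits by (ID, e-mail) so that one can confirm a single campaign ID per host. The Crysis-like layout `name.ext.id-<hex>.[<email>].<ext>`, the regexes, and the sample paths are all assumptions constructed for the example; the exact RSAUtil suffix is not given on this page.

```python
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional, Tuple

# Assumed marker formats (not taken from the page): a bracketed contact e-mail such as
# "[helpme@example.com]" and a victim/system ID token such as "id-1A2B3C4D".
EMAIL_RE = re.compile(r"\[(?P<email>[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})\]")
ID_RE = re.compile(r"(?i)(?:^|[._-])id[-_]?(?P<id>[0-9A-F]{4,})")


@dataclass
class RansomRename:
    path: str
    original: str   # best-effort reconstruction of the pre-encryption filename
    victim_id: str
    email: str


def parse_ransom_name(path: str) -> Optional[RansomRename]:
    """Return parsed markers if the basename looks like a ransomware rename, else None."""
    name = PureWindowsPath(path).name
    m_email = EMAIL_RE.search(name)
    m_id = ID_RE.search(name)
    if not (m_email and m_id):
        # Require both markers: an e-mail alone (e.g. an exported contacts file) is not enough.
        return None
    cut = min(m_email.start(), m_id.start())      # everything before the first marker
    original = name[:cut].rstrip(".")
    return RansomRename(path, original, m_id.group("id").upper(), m_email.group("email"))


def triage(paths: List[str]) -> List[RansomRename]:
    """Filter a path list down to files whose names match the rename pattern."""
    return [hit for hit in (parse_ransom_name(p) for p in paths) if hit]


def summarize(hits: List[RansomRename]) -> Dict[Tuple[str, str], int]:
    """Count hits per (victim ID, e-mail); one system should yield a single key."""
    return dict(Counter((h.victim_id, h.email) for h in hits))


# Constructed sample paths for the example; not real victim data.
SAMPLE_FILES = [
    r"C:\Users\alice\Documents\report.xlsx.id-1A2B3C4D.[helpme@example.com].crypt",
    r"C:\Users\alice\Pictures\holiday.jpg.id-1A2B3C4D.[helpme@example.com].crypt",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Downloads\contacts.[bob@example.com].csv",   # e-mail but no ID: ignored
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_FILES):
        print(f"{hit.original:<14} id={hit.victim_id} contact={hit.email}")
    print(summarize(triage(SAMPLE_FILES)))
```

Run it over `dir /s /b` output (or a file list from a forensic image) instead of `SAMPLE_FILES`; a summary with more than one (ID, e-mail) key on a single host suggests either a second infection or a format the regexes are mis-parsing, and is worth a manual look before any decryptor is tried.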
Debunking the Prophecy of Extortion for Decryption Keys
The RSAUtil Ransomware's text-based ransom notes are written only in English, although the author appears unfamiliar with the language and makes numerous grammatical errors; English may be used solely so that the RSAUtil Ransomware can target as many countries as possible. Distribution methods that extortionists prefer for threats of this category include Web browser-based ones such as exploit kits, e-mail attachments, brute-force attacks against business systems (typically against exposed remote-access logins), and software bundles (the latter for attacking recreational-use systems at random).
Although its final symptoms are unmistakable, this Trojan deals potentially permanent damage to your files before showing any other side effects. Paying ransoms for decryption keys is always risky, and malware experts strongly advise restoring from your last backup instead. After removing the RSAUtil Ransomware, you also may contact entities in the anti-malware industry to ask about free decryption, which is attainable for some Trojan families.
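Of the distribution methods listed above, the brute-force route is the one a defender can catch in Windows logs before any file is encrypted. The following is an added detection example, not code from the page: it replays a sequence of Windows Security events through a per-source sliding window, raises one alert when a source IP accumulates `THRESHOLD` failed logons (Event ID 4625) within `WINDOW`, and raises a second, higher-priority alert if that same source then logs on successfully (Event ID 4624) while its failure burst is still inside the window. The event IDs and logon type 10 (RemoteInteractive, i.e. RDP) are standard Windows values; the sample events, thresholds and the tuple layout are constructed assumptions for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Tuple

# Constructed sample Security events: (timestamp, event_id, account, source_ip, logon_type).
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = [
    ("2017-05-03 02:14:01", 4625, "administrator", "203.0.113.7", 10),
    ("2017-05-03 02:14:03", 4625, "admin",         "203.0.113.7", 10),
    ("2017-05-03 02:14:05", 4625, "backup",        "203.0.113.7", 10),
    ("2017-05-03 02:14:06", 4625, "scan",          "203.0.113.7", 10),
    ("2017-05-03 02:14:08", 4625, "administrator", "203.0.113.7", 10),
    ("2017-05-03 02:14:10", 4625, "Administrator", "203.0.113.7", 10),
    ("2017-05-03 02:15:30", 4624, "Administrator", "203.0.113.7", 10),  # success after the burst
    ("2017-05-03 09:00:00", 4625, "alice",         "10.0.0.5",    10),  # a single typo: benign
    ("2017-05-03 09:00:20", 4624, "alice",         "10.0.0.5",    10),
]

THRESHOLD = 5                 # failed logons from one source ...
WINDOW = timedelta(minutes=5) # ... within this span trigger an alert
REMOTE_LOGON_TYPES = {3, 10}  # network and RDP; console typos are not brute force

Alert = Tuple[str, str, str, str]  # (kind, source_ip, timestamp, detail)


def detect_bruteforce(events, threshold: int = THRESHOLD, window: timedelta = WINDOW) -> List[Alert]:
    """Sliding-window brute-force detector over (ts, event_id, account, src, logon_type) tuples."""
    alerts: List[Alert] = []
    failures: Dict[str, Deque[datetime]] = defaultdict(deque)  # per-source failure timestamps
    already_flagged = set()                                     # one brute-force alert per source

    for ts_str, event_id, account, src, logon_type in sorted(events):
        if logon_type not in REMOTE_LOGON_TYPES:
            continue
        ts = datetime.strptime(ts_str, "%Y-%m-%d %H:%M:%S")
        recent = failures[src]
        while recent and ts - recent[0] > window:   # expire failures older than the window
            recent.popleft()

        if event_id == 4625:
            recent.append(ts)
            if len(recent) >= threshold and src not in already_flagged:
                already_flagged.add(src)
                alerts.append(("bruteforce", src, ts_str,
                               f"{len(recent)} failed logons within {window}"))
        elif event_id == 4624 and len(recent) >= threshold:
            # A success while the burst is still live is the likely compromise moment.
            alerts.append(("success_after_bruteforce", src, ts_str,
                           f"account {account} logged on after {len(recent)} failures"))
    return alerts


if __name__ == "__main__":
    for kind, src, when, detail in detect_bruteforce(SAMPLE_EVENTS):
        print(f"{when} {kind:<26} {src:<14} {detail}")
```

On a real host the tuples come from `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625,4624}` (IpAddress and LogonType are in the event's message properties); the `success_after_bruteforce` alert is the one to page on, since the next step after a working remote login is typically the ransomware drop.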
The real cost of giving in to the RSAUtil Ransomware's extortion may be either a few dollars or hundreds of them, but whatever it turns out to be, readers should remember that backing up their files always can be free.