The Rush Ransomware is a sanction variant that will encrypt data on all the local drives on a computer. When it encrypts data it will use AES encryption and then append the .crashed extension to encrypted files. In each folder it encrypts files it will create a ransom note called DECRYPT_YOUR_FILES.HTML.
The ransom amount is 2 bitcoins and the associated bitcoin address is 1MNXvRYn32EdGqq2YsqQ1hAEBU3NRcPN7h. Victims are told to email firstname.lastname@example.org after making payment to get the decryptor.
At this time there is no way to decrypt files encrypted by the Rush Ransomware.
The files targeted by Rush Ransomware are:
.txt, .qbb, .pdf, .msg, .asmx, .rpt, .arw, .sldprt, .dwf, .doc, .adi, .adt, .docx, .altr, .xls, .xlsx, .ppt, .pptx, .odt, .jpg, .png, .csv, .sql, sln, .php, .asp, .aspx, .html, .xml, .psd
As this is a Sanction variant, please use the Sanction topic instead for support: Sanction Ransomware Help & Support Topic.
Edited by xXToffeeXx, 23 July 2016 - 10:11 AM.