Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Razy Ransomware Help & Support Topic - .razy extension

  • Please log in to reply
2 replies to this topic

#1 Grinler


    Lawrence Abrams

  • Admin
  • 43,716 posts
  • Gender:Male
  • Location:USA
  • Local time:01:08 AM

Posted 31 July 2016 - 02:37 PM

The Razy Ransomware was discovered by Jakub Kroustek and encrypts your data with AES encryption. Once a file is encrypted it will append the .razy extension to the encrypted filename. This ransomware will target all files, regardless of extension, on the victim's Desktop, Documents, Videos, Pictures, and Music folders.

Unfortunately, this ransomware does not save the decryption key anywhere, so there is no way for a victim to decrypt the files once they are encrypted. This twitter account states that they created this ransomware for educational purposes and have no idea how it has been distributed.



BC AdBot (Login to Remove)


#2 Demonslay335


    Ransomware Hunter

  • Security Colleague
  • 3,589 posts
  • Gender:Male
  • Location:USA
  • Local time:12:08 AM

Posted 31 July 2016 - 02:56 PM

Also to note, the "PAY HERE" buttons are dead links, so there is no-one even asking for a ransom. The ransomware generates a cryptographically strong 16 byte key per victim; there is no way to feasibly guess this key (2128 possible keys per victim - thanks Fabian for correcting my math as usual :P).


An interesting "feature" the original author added is a VBS script with speech that is directly ripped from Cerber.


We can only hope there are few, or even better, no real victims of this one.


If only people would learn to stop playing with ransomware. Sure, write "educational malware" - worst case scenario, someone gets hit and you have to do cleanup; ransomware gets loose, and people lose their data.  :nono:

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.

#3 Amigo-A


  • Members
  • 623 posts
  • Gender:Male
  • Location:3st station from Sun
  • Local time:11:08 AM

Posted 01 August 2016 - 11:50 AM

No written evidence "educational purposes" in this crypto-rasy I have not noticed. Really - a game in of extortionists and narcissism. 

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Знаете русский язык? Пишите мне на русском. Помогу. 

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users