RarVault Ransomware Help & Support - RarVault.htm, Rar_Vault_User.txt



#1 Demonslay335


Posted 09 September 2016 - 06:55 PM

Another ransomware has been found that uses legitimate programs to do its dirty encryption. RarVault was first brought to our attention by Malware Response Team member B-boy/StyLe/ who was assisting a Russian-speaking victim.

 

This ransomware generates a random 127-character password (with both Latin and Cyrillic characters) that it then uses to encrypt all of a victim's data into one .rar file using a packaged executable of WinRAR.

 

The malware creates a folder at C:\RarVault, where it stores a file called "Rar_Vault_User.txt", with information for the victim to contact the author.

http://RarVault.myfreesites.net/

RarVault@ruggedinbox.com

[redacted]

The victim is also left with the ransom note "RarVault.htm", shown below.

 

 

[Image: CrteMKkVYAAUgDg.jpg, the RarVault.htm ransom note]

 

 

Below is an image of the website the victim is led to, translated to English by Google Translate.

 

[Image: CrteMphUMAAls8a.jpg, the website translated to English]

 

 

Research on this ransomware is still ongoing. If anyone has been hit by this ransomware, or knows a victim, please post here.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.
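
An added example, not part of the original post: a Python triage routine that walks a directory tree for the artifacts the post names (the RarVault folder, Rar_Vault_User.txt, RarVault.htm) and lists files carrying a RAR signature regardless of extension, largest first. The function names, the result layout and the sample tree built in `demo()` are assumptions made for illustration.

```python
import os
import tempfile

# Artifact names taken from the post (compared case-insensitively, as on Windows).
NOTE_NAMES = {"rar_vault_user.txt", "rarvault.htm"}
DROP_DIR = "rarvault"  # the post gives C:\RarVault as the drop folder
# Standard RAR signatures: RAR 1.5-4.x and RAR 5.x.
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")


def is_rar(path):
    """True if the file starts with a RAR signature, whatever its extension."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError:  # locked or unreadable file: skip it, keep triaging
        return False
    return head.startswith(RAR_MAGICS)


def triage(root):
    """Walk root and collect the RarVault artifacts described in the post."""
    found = {"drop_dirs": [], "notes": [], "rar_archives": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            if d.lower() == DROP_DIR:
                found["drop_dirs"].append(os.path.join(dirpath, d))
        for name in filenames:
            full = os.path.join(dirpath, name)
            if name.lower() in NOTE_NAMES:
                found["notes"].append(full)
            elif is_rar(full):
                found["rar_archives"].append((full, os.path.getsize(full)))
    # Largest archive first: the post says all data goes into one .rar file.
    found["rar_archives"].sort(key=lambda item: item[1], reverse=True)
    return found


def demo():
    """Build a constructed sample tree (not real malware output) and triage it."""
    root = tempfile.mkdtemp()
    vault = os.path.join(root, "RarVault")
    os.makedirs(vault)
    open(os.path.join(vault, "Rar_Vault_User.txt"), "w").close()
    open(os.path.join(root, "RarVault.htm"), "w").close()
    with open(os.path.join(root, "data.bin"), "wb") as fh:
        fh.write(RAR_MAGICS[1] + b"\x00" * 32)  # constructed: RAR5 magic + padding
    return triage(root)
```

On a live host, call `triage` with the drive root and preserve any archive it reports before attempting cleanup.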

