Razy Ransomware

Posted by Lisa Blanc on August 3, 2016

What is Razy Ransomware?

Razy Ransomware was first sighted on July 4, 2016. It is an extremely malicious infection that will wreak havoc on your computer if it becomes infected with this ransomware. However, if your PC is already infected, then you should remove it immediately. Why? Because there is no way you can pay the ransom. The link needed to pay the ransom does not work, and there is no telling when this link will be online. In any case, you should refrain from paying the ransom because you might not receive the ransom key anyway. So if your computer becomes infected with this ransomware, then, sadly, there is nothing you can do about it. We have included a removal guide at the end of this article, but a good antimalware tool can deal with it as well. test test test

Where does Razy Ransomware come from?

Security analysts at Anti-spyware-101.com have obtained this ransomware’s sample. However, there is little to no information about its distribution because it just came out. Nevertheless, researchers have observed that it does not make a copy of itself in a hidden location and does not require to run continuously in the background. It is distributed with the help of email spam that includes the malicious file in a file archive that you have to extract manually. It encrypts the files when you extract and run it. Now, the email can be disguised as an invoice from a seemingly legitimate company. The file archive may contain a fake PDF or some other file type that is actually an executable that encrypts your files immediately after opening it.

How does Razy Ransomware work?

When you launch Razy Ransomware, it creates a css.vbs file and drops it on the desktop. This file initiates a computer-generated voice that says "Attention! Attention! Attention!" Then the voice states that "Your documents, photos, databases and other important files have been encrypted." Our researchers have found that the use of this voice to inform you about the encryption has been ripped from Cerber Ransomware, an extremely malicious and widespread ransomware that wreaked havoc just a few months back. Apart from creating css.vbs, this ransomware will also generate a file named razydecrypt.jpg which is a ransom note that says that you should open another file that this ransomware creates called index.html. The file contains two links and one of them is www.lolololololol{.}de. However, this link does not work, and you cannot pay the ransom as a result. Razy Ransomware uses the AES (Advanced Encryption Algorithm) to encrypt your files. This encryption method is standard and is used by the majority of ransomware-type programs. While encrypting the files, it appends the names of the files with the .razy extension. Not only that, but it scrambles but it randomizes the names of the files backing them unintelligible.

Once the encryption process is complete, the cyber criminals will demand that you pay a ransom to get your files back. Our researchers say that this particular ransomware is set to ask for 50 EUR. This is a reasonable sum of money that may not be worth paying. However, if this ransomware has encrypted important, valuable information you may be inclined to pay it, but your researchers recommend that you refrain from doing so. The final nail in the coffin for paying the ransom is the fact that Razy Ransomware does not save the private decryption key. Hence, there is no way to decrypt your files. Since this ransomware generates a cryptographically strong 16 byte key per victim, there is no way of guessing this key, with the possibility of 2^128 keys per victim.

How do I remove Razy Ransomware?

Unfortunately, if your PC has become infected with Razy Ransomware, then you will not be able to decrypt your files. A third-party decryption tool can be developed, but it requires for this ransomware’s encryption to be broken which is unlikely. This has yet to happen. Therefore, we recommend that you delete this infection using the guide provided at the end of this article. If you experience problems with the manual removal, then we suggest using SpyHunter — our featured anti-malware application.