Rijndael Ransomware

Posted by Max Lehmann on April 4, 2017

What is Rijndael Ransomware?

Rijndael Ransomware is a computer infection developed by the author who calls himself/herself humanpuff69. It seems to be a new version of Dnransomware Steps, which was spotted by our malware analysts in January 2017. Although it is a newly-detected computer infection, it seems that it has borrowed a working scheme from other ransomware infections because it does not differ from them in any way. After tricking users into downloading it, this malicious application finds files stored on the computer and then encrypts them all. It always acts the same unless a user downloads a corrupted malicious file. If you suspect that this ransomware-type infection is inside your computer too, delete it no matter it has encrypted your files or not. It will be slightly more difficult to do that if it has “locked” your Desktop, but, with our help, its removal should not be a task that is impossible to accomplish.test

What does Rijndael Ransomware do?

If you encounter a well-working version of Rijndael Ransomware, it will, most probably, lock your screen by opening its own window on top of Desktop. On top of that, you will find your files encrypted and having a new filename extension .fucked next to the original one, for example, mydocument.doc.fucked. It should not touch any system files, specialists say, so your Windows OS should not be ruined. Unfortunately, we cannot say the same about pictures, documents, music/video files, etc. because Rijndael Ransomware encrypts them all. A message opened after the encryption of personal files tells a victim that files have been encrypted “with extremely powerfull new RIJNDAEL encryption” and no one can crack it “except you have a private string and IVs.” Just like other similar threats do, this infection tries to convince users that they need to purchase a code to be able to unlock their screens and files. Unfortunately, the unlock code is very expensive. At the time of writing, cyber criminals demand 0.5 Bitcoin (~ 570 USD). To find out where to send money, users need to write an email to Riptours01@gmail.com first. Do not bother writing an email if you are sure you are not going to pay money to the developer of Rijndael Ransomware. Our specialists do not recommend sending money to it too. They say that users should try to insert the unlock code 83KYG9NW-3K39V-2T3HJ-93F3Q-GT first. This should unlock your Desktop, and you could then go to download a free data recovery tool from the web. All those encrypted files (having the .fucked filename extension) can also be recovered from a backup. Of course, it would only be possible to do that if this backup has not been encrypted by Rijndael Ransomware.

Where does Rijndael Ransomware come from?

Research carried out by specialists at anti-spyware-101.com has revealed that there are two ways this ransomware infection is distributed. First, it can pretend to be a Bitcoin miner. In this case, it might have a name BitcoinMiner.exe. Second, it might also be spread through spam emails. This is the old good method frequently employed by cyber criminals. Rijndael Ransomware travels as an email attachment in these emails, but, of course, users are not told in advance that they see a malicious application. Malicious software tends to be very sneaky, so it might be impossible, or extremely hard, to prevent it from entering the system. As a consequence, all users should have a security application installed and enabled on their computers. Most probably, such a tool does not exist on your computer if Rijndael Ransomware has managed to enter the system successfully. If we are not right and you have security software installed on your PC, it must be untrustworthy.

How to delete Rijndael Ransomware

It does not mean that your files will all be immediately unlocked after you delete Rijndael Ransomware from your computer, but there is a huge possibility that you could decrypt them with a free decryption tool after fully deleting this ransomware infection. Our instructions will guide you through the removal process, so you should not face many difficulties deleting it. Enter 83KYG9NW-3K39V-2T3HJ-93F3Q-GT and unlock your Desktop before taking action (if you find it locked). When you finish deleting this malicious application, perform a system scan with SpyHunter to find out whether all malicious components have been eliminated.

Rijndael Ransomware removal instructions

  1. If you find your screen locked, enter 83KYG9NW-3K39V-2T3HJ-93F3Q-GT in the unlock box and click Decrypt!.
  2. Press Ctrl+Shift+Esc.
  3. Open the Processes tab.
  4. Locate the malicious process Rijndael.exe or BitcoinMiner.exe (it might have another name, but it will definitely have EncryptRansombyhumanpuff69 in the Description column).
  5. Right-click on it and select Open File Location.
  6. Right-click on the process again and select End Process.
  7. Delete the malicious file having the same name from the opened directory.
  8. Scan your computer with a reputable scanner.
100% FREE spyware scan and
tested removal of Rijndael Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *