Rotor Ransomware

Posted by Lisa Blanc on October 25, 2017

What is Rotor Ransomware?

Rotor Ransomware may not leave any ransom note on the infected computer, but we have no doubt it is a malicious file-encrypting application designed to take the victim’s files as hostages and extort money from the user. Our researchers at Anti-spyware-101.com say that while the malware does not drop any ransom note, it might mark all encrypted data with a particular extension which should state a specific email address. Probably, the threat’s creators expect users to contact them via such email. However, we do not recommend doing so as there are no guarantees you will get your data back even if you pay what the cyber criminals ask. What we are trying to say is that dealing with such people could result in you losing your savings. Users who would not want to risk it should delete Rotor Ransomware instead, and once it is gone, it should be safe to restore the files from backup. To guide users through the removal process, we will add instructions at the end of the article.

Where does Rotor Ransomware come from?

According to our computer security specialists, Rotor Ransomware should infect the system after the user accidentally opens its launcher. Sadly, it could be any file and identifying it might be a difficult task. For instance, the malicious installer could be a recently downloaded setup file or a suspicious email attachment that came from an unknown sender. To put it simply the source of the infection might be any questionable data downloaded from the Internet, so to keep the computer safe, users should check such data with a legitimate antimalware tool first or stay away from it. In case of an emergency such as encountering a ransomware application or other harmful threats, it might be a good idea to backup all necessary files to be able to recover them later. You can store copies of valuable data on cloud storage, removable media devices, and so on. Thus, it is up to you to decide what option suits you best.

How does Rotor Ransomware work?

It appears to be, Rotor Ransomware works right from the directory where the user downloaded it. Also, it does not look like it can restart with the system, still after launching the infection for the first time, it will run until the computer is made to shut down and during this time the malicious application can encrypt any newly created data. The malware encrypts it with a secure cryptosystem and marks files by appending a particular extension at the end of their names. For instance, the sample our researchers tested marked its targeted data by placing “!_____GEKSOGEN911@GMAIL.COM____.c300” at the end of a title. Other Rotor Ransomware variants mention different emails, for example, DILINGER7900@GMAIL.COM, hamil8642@gmail.com, FIDEL4000@TUTAMAIL.COM, and so on.

As we said earlier, there is no ransom note, and the cyber criminals probably wait for their victims to contact them via the given email address. No doubt, the reply message from them should state how much you would have to pay for a decryption tool and promise to send it once you transfer the money. Clearly, we advise against this as the malware’s creators may not keep up to their promises. In fact, they might try to extort even more money and so you could lose your savings in vain.

How to erase Rotor Ransomware?

It seems to us eliminating the malicious application is the best option if you do not want to put up with any demands or risk your savings. There are two options to get rid of Rotor Ransomware. First of all, you could try to locate the malware’s launcher and erase it manually. This task might appear to be tricky, which is why we are placing deletion instructions just below the text. The other option is to install a legitimate antimalware tool and locate the threat while scanning your system with the chosen antimalware software. After the scan, you should be able to eliminate it by just clicking the removal button.

Remove Rotor Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Select Task Manager.
  3. Look for the malicious program’s process.
  4. Mark this suspicious process.
  5. Choose the End Task button.
  6. Exit the Task Manager.
  7. Press Win+E.
  8. Go to:
    %TEMP%
    %USERPROFILE%\desktop
    %USERPROFILE%\downloads
  9. Find the harmful file launched before the system appeared to be infected.
  10. Right-click it and select Delete.
  11. Exit File Explorer.
  12. Empty Recycle bin.
  13. Reboot the computer. 100% FREE spyware scan and
    tested removal of Rotor Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *