Rigj ransomware is new malware that is the 353rd variant of STOP (DJVU) ransomware. Like other variants of this ransomware, it is distributed through key generators, cracked software, adware and torrent websites.

Screenshot of files encrypted by Rigj virus (‘.rigj’ file extension)

Upon execution, Rigj creates a folder in the Windows system directory and copies itself there. Then the virus changes some Windows OS settings so that it starts automatically every time the PC is turned on or restarted. Rigj ransomware collects information about the victim’s computer, after which it tries to establish a connection with its command-and-control server (C&C). If the connection has been established, the virus receives a key (the so-called ‘online key’) that will be used to encrypt files. In addition, Rigj virus may receive additional commands and files that will be executed on the victim’s computer.

If Rigj ransomware could not connect to the command server, then it uses a fixed key, which the security researchers called the ‘offline key’. There is a significant difference between the ‘online key’ and the ‘offline key’. The online key is unique for each victim, that is, the key from one victim will not help decrypt the files of another victim. The offline key is the same for all victims. Thus, it can be used to decrypt files regardless of where they were encrypted.

Having a key to encrypt files, Rigj virus proceeds directly to the process of encrypting files. It encrypts file by file, so that all files of the victim will be encrypted. It doesn’t matter where the files are located: on the internal drive, a flash drive, external media or cloud storage, all of them can be encrypted. There is a small exception: the virus does not encrypt files located in the Windows system directories, files with an extension from the list ‘.lnk. dll’ and files with the name ‘_readme.txt’. Thus, almost all of the victim’s data will be encrypted, including documents, pictures, databases, archives and other types of files. It will append the ‘.rigj’ extension to the name of each encrypted file.
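For scoping an affected machine or share, the two file-name facts given above (the appended ‘.rigj’ extension and the untouched ‘_readme.txt’) are enough to inventory what was hit. The following Python script is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_EXT = ".rigj"      # extension the article says is appended
NOTE_NAME = "_readme.txt"    # file name the article says is left unencrypted

def triage(root):
    """Walk root and summarise files carrying the appended extension."""
    by_dir = Counter()        # directory -> number of renamed files
    orig_types = Counter()    # original extension -> count
    note_dirs = set()         # directories that contain _readme.txt
    # onerror swallows permission errors so one locked folder does not stop the scan
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lower = name.lower()
            if lower == NOTE_NAME:
                note_dirs.add(dirpath)
            elif lower.endswith(ENCRYPTED_EXT):
                by_dir[dirpath] += 1
                # "report.docx.rigj" -> "report.docx" -> ".docx"
                original = name[: -len(ENCRYPTED_EXT)]
                orig_types[Path(original).suffix.lower() or "(none)"] += 1
    return {"total": sum(by_dir.values()), "by_dir": dict(by_dir),
            "orig_types": dict(orig_types), "note_dirs": sorted(note_dirs)}

def build_sample(root):
    """Constructed sample tree: empty files only, all names are made up."""
    layout = {
        "docs": ["report.docx.rigj", "budget.xlsx.rigj", "_readme.txt"],
        "photos": ["trip.JPG.rigj", "shortcut.lnk"],
        "clean": ["notes.txt"],
    }
    for sub, names in layout.items():
        d = Path(root) / sub
        d.mkdir(parents=True)
        for n in names:
            (d / n).touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = triage(tmp)
        print("renamed files:", result["total"])
        for d, n in sorted(result["by_dir"].items()):
            print(f"  {n:3d}  {d}")
        print("original types:", result["orig_types"])
        print("folders with _readme.txt:", result["note_dirs"])
```

Run it read-only against a mounted image or a backup snapshot rather than the live system, and compare the per-directory counts with the last known-good backup to decide what needs restoring.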