A new ransomware dubbed “Rapid” has been reported to be spreading. Rapid ransomware can be spread through targeted emails containing links and attachments. Clicking any such link or attachment leads to command execution. The ransomware then scans the computer for files to encrypt. Each encrypted file has the .rapid extension (as shown below) appended to its name.
The Rapid ransomware stays active after initially encrypting a computer and encrypts any new files that are created. While this behaviour is not unique to Rapid, it is not a very common characteristic among ransomware.
Once it has finished encrypting a computer, it creates a ransom note named How Recovery Files.txt in various folders, including the Windows desktop. This ransom note contains an email address that the victim should contact to receive payment instructions.
Researchers have not been able to confirm whether the decryption key will be provided when payment is made, or whether files encrypted by Rapid can be decrypted for free. For those who have been infected, BlackSentry strongly recommends the following steps (as seen below) once a victim suspects an infection.
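The two file-system indicators described above (the .rapid extension and the How Recovery Files.txt note) can be checked for during triage. The following Python sketch is an added example, not part of the original advisory; the function name, the report layout and the 5-minute "recently written" window used as a hint that encryption is still running are assumptions.

```python
import os
import sys
import time
from collections import defaultdict

ENCRYPTED_EXT = ".rapid"                # extension named in the advisory
RANSOM_NOTE = "how recovery files.txt"  # note name from the advisory, lowercased

def scan_for_rapid(root, recent_seconds=300, now=None):
    """Walk `root` and collect Rapid indicators (hypothetical helper)."""
    now = time.time() if now is None else now
    report = {"encrypted": [], "notes": [], "recent": [],
              "folders": defaultdict(int)}
    # Unreadable directories are skipped instead of aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == RANSOM_NOTE:
                report["notes"].append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                report["encrypted"].append(path)
                report["folders"][dirpath] += 1
                try:
                    mtime = os.path.getmtime(path)
                except OSError:
                    continue  # file vanished or is locked; still counted above
                # Rapid keeps encrypting new files, so a freshly written
                # .rapid file suggests the process is still active.
                if now - mtime <= recent_seconds:
                    report["recent"].append(path)
    report["still_active"] = bool(report["recent"])
    return report

if __name__ == "__main__":
    result = scan_for_rapid(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"encrypted files : {len(result['encrypted'])}")
    print(f"ransom notes    : {len(result['notes'])}")
    print(f"written recently: {len(result['recent'])}")
    for folder, count in sorted(result["folders"].items()):
        print(f"  {count:5d}  {folder}")
    if result["still_active"]:
        print("Recent .rapid files found: encryption may still be running.")
```

Run it against a user profile or file share from a separate, trusted machine where possible; a non-empty "written recently" list is a reason to isolate the host immediately.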
- Ensure you don’t click on links and attachments from unfamiliar emails.
- Verify that the sender of the email is genuine.
- Make sure you have an active antivirus program fully updated and scan your PC.
- Do not visit untrusted sites or click on malware-laden adverts.
- Do not download illegal content, fake updates or fake malware scanners.
- If you have any suspicions about an email, kindly forward it to BlackSentry CDC for further analysis.
- Report any suspicious system behaviour immediately to BlackSentry CDC for investigation.
WHAT TO DO IF YOU SUSPECT AN INFECTION
- Terminate the associated ransomware process from the Windows Task Manager as soon as possible. Look for an exe or info.exe process.
- Shut down the computer.
The most important security step is to adopt safer computing habits; if you follow these steps, you will be protected not only from ransomware but also from almost all other malware.