Rapid 2.0 Ransomware Will Not Encrypt Data on PCs with Russian Locale

It has been reported that Rapid 2.0 Ransomware, a recent variant of Rapid ransomware, is not targeting Russian users. Cyber experts have confirmed that Rapid 2.0 does not encrypt data on PCs whose locale is set to Russian. This is good news for Russian users, whose files will not be hijacked by the new variant of Rapid ransomware. The recent version contains no other devastating changes that would create new trouble this time.

Two Modifications Found in Rapid 2.0 Ransomware, Recent Variant of Rapid Virus

  1. The first modification is that files encrypted by Rapid 2.0 are given an extension that the ransomware generates randomly. The previous version simply appended ‘.Rapid’ to the files it encrypted. An illustration makes this clear: if an image file named ‘XYZ.jpg’ on your PC is encrypted by Rapid 2.0, the file name will be displayed as ‘1764538.HRTYJ’ after encryption. The extension generated randomly by Rapid 2.0 contains seven digits followed by five letters. If the same file had been encrypted by the previous version, Rapid 1.0, it would have looked like ‘XYZ.Rapid’ after encryption.
  2. The second and more important modification is that Rapid 2.0 runs additional code on the PC that is about to be compromised before it starts encrypting. This code examines the locale settings; if the locale is set to Russian, encryption is not launched on that PC. The user will not know at first which malware made the files inaccessible, but the ransom note makes it crystal clear: the name Rapid 2.0 is displayed at the top of the ransom note text.
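
The naming change in the first item can be turned into a simple triage check. The following is an added example, not code from the original article or from any vendor: it classifies file names by the two patterns the article gives (‘XYZ.Rapid’ and ‘1764538.HRTYJ’) and flags directories where such names dominate. The function names, the thresholds, the upper-case assumption and the sample paths are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Rapid 2.0 per the article: seven digits, a dot, five letters (1764538.HRTYJ).
# Assumption: the letters are upper-case, as in the article's only example.
RAPID2 = re.compile(r"\d{7}\.[A-Z]{5}")
# Rapid 1.0 per the article: the '.Rapid' extension (XYZ.Rapid).
RAPID1 = re.compile(r".+\.rapid", re.IGNORECASE)

def classify(filename):
    """Return 'rapid2', 'rapid1' or None for a bare file name."""
    if RAPID2.fullmatch(filename):
        return "rapid2"
    if RAPID1.fullmatch(filename):
        return "rapid1"
    return None

def flag_directories(paths, min_hits=3, min_ratio=0.5):
    """Flag directories where Rapid-style names are numerous and dominant."""
    # Thresholds are assumed values; they keep one oddly named file from alerting.
    totals = Counter()
    hits = defaultdict(Counter)
    for raw in paths:
        p = PureWindowsPath(raw)
        parent = str(p.parent)
        totals[parent] += 1
        label = classify(p.name)
        if label:
            hits[parent][label] += 1
    return {d: dict(c) for d, c in hits.items()
            if sum(c.values()) >= min_hits
            and sum(c.values()) / totals[d] >= min_ratio}

# Constructed sample listing, not real telemetry.
SAMPLE = [
    r"C:\Users\alice\Pictures\1764538.HRTYJ",
    r"C:\Users\alice\Pictures\9921034.QWZPL",
    r"C:\Users\alice\Pictures\0048213.MMKDA",
    r"C:\Users\alice\Pictures\notes.txt",
    r"C:\Users\bob\Docs\report.docx",
    r"C:\Users\bob\Docs\1234567.ABCDE",  # lone match: below min_hits
    r"D:\share\XYZ.Rapid",
    r"D:\share\budget.xls.Rapid",
    r"D:\share\plan.Rapid",
]

if __name__ == "__main__":
    for directory, counts in flag_directories(SAMPLE).items():
        print(directory, counts)
```

A name match alone is weak evidence, which is why the check requires several matching files that make up most of a directory before it flags anything.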

Rapid 2.0 instructs the user of the compromised PC to contact the developers by email. The email addresses provided by this version are supp1decr@cock.li and supp2decr@cock.li. The developers of Rapid 2.0 tell the user to purchase a decryption tool, claiming there is no other way to restore the encrypted files. The ransom amount is also the same, about $500-$1500, to be paid to a Bitcoin wallet address. Users are also warned that they can lose their data completely if they try to use any third-party decryption tool. So it can be said that this is a piece of good news for users who reside in Russia, but the situation remains the same for people residing in other parts of the globe.
