Rakhni Ransomware is malware that has been infecting users' computers since 2013 and is still claiming new victims. It is one of the most dangerous cyber threats still in circulation and has not stopped. The cyber criminals behind this ransomware keep updating its features and have now added a cryptocurrency mining component that mines digital currency on compromised systems. The threat named Rakhni Ransomware is deployed carefully on selected corporate computers, where it begins its malicious activity to generate profit for its operators.
According to cyber security analysts at a reputed anti-virus lab, Rakhni Ransomware has appeared in a new version after receiving an update from the hackers. This time, the threat scans the entire machine before infecting the targeted computer. If it decides to deploy a file-encoder payload, it encrypts the system's files immediately in the background. In addition, after dropping its harmful payload, Rakhni Ransomware also runs a coin-miner module fetched from a remote malware server controlled by the cyber extortionists.
The working logic of Rakhni Ransomware is quite simple: if it finds any file or folder named Bitcoin on the affected computer, it immediately launches the file-encryption module. It is still unclear why the hackers chose this condition, but it can be assumed that, after finding a Bitcoin file or folder on the victim's machine, they expect the user to hold a cryptocurrency fund and therefore to have no difficulty paying the demanded ransom once their files are encoded.
What is more, if Rakhni Ransomware does not find any folder or file related to Bitcoin, it instead drops a Bitcoin mining program from the hackers' remote Command and Control server and silently installs it on the victim's computer. According to the recent research report, the Bitcoin miner Trojan deployed by this ransomware mines popular digital currencies such as Monero, Dashcoin, Bitcoin or Monero Original. At the time of writing this security article, the Rakhni Ransomware virus is being distributed through malicious spam email campaigns.
Technically speaking, this recently updated Rakhni Ransomware mainly infects computer users located in India, Ukraine, Russia, Germany and Kazakhstan. The spam email attachments carrying the malicious payload of this malware come in the form of Word documents. Downloading or opening the attached file immediately runs the malicious executable of Rakhni Ransomware and starts its malicious operations on the victim's computer. Unfortunately, decryption of the enciphered files is still impossible, but the researchers have been working on the predecessors of this malware and will release the decryption key soon.