
Rapid Ransomware Continues Encrypting New Files as they Are Created

CyberWisdom Safe Harbor Commentary

This story from bleepingcomputer.com reports a new ransomware, called Rapid Ransomware, that stays active after initially encrypting a computer and encrypts any newly created files. Although this behavior is not unique to Rapid, it is not one we see often.

Although it is not known how Rapid Ransomware is distributed, many people have been infected since January. Statistics from ID-Ransomware show that the first submission was on January 3, and since then more than 300 cases have been submitted. This is probably a small fraction of the total number of victims, since many most likely did not use ID-Ransomware to identify the infection.

What to do if you become infected with Rapid Ransomware

Because Rapid Ransomware continues to run after the initial encryption and watches for new files to encrypt, it is important to stop it as soon as possible. Once victims detect that they have been infected with Rapid Ransomware, they should immediately open the Windows Task Manager and terminate the ransomware process.

If the computer has not been restarted, the running process may have any name. For example, our sample is called rapid.exe, as you can see in the screenshot below; an actual victim will not have a file of this name running. If the computer has been restarted, the ransomware process may be named info.exe.
[Screenshot: Task Manager]

Once you have terminated the process, start msconfig.exe and disable the autorun entry. If you do not have access to the Windows Task Manager, you can reboot into Safe Mode with Networking and try from there.

How to protect yourself from Rapid Ransomware

To protect yourself from ransomware, it is important to use good computing habits and security software. First and foremost, you should always have reliable and tested backups of your data that you can restore in an emergency, such as a ransomware attack.

You should also have security software that includes behavioral detection to deal with ransomware, not just signature detection or heuristics. For example, Emsisoft Anti-Malware and Malwarebytes Anti-Malware both contain behavioral detection that prevents many (if not most) ransomware infections from encrypting a computer.

Last but not least, making sure you practice the following 7 safety habits is in many cases the most important step:

  1. Backup, backup, backup!
  2. Do not open an attachment if you do not know who sent it.
  3. Do not open an attachment until you confirm that the person actually sent it to you.
  4. Use tools such as VirusTotal to scan attachments.
  5. Make sure all Windows updates are installed. Also make sure you update all programs, especially Java, Flash and Adobe Reader. Older programs contain security holes commonly exploited by malware distributors, so it is very important to keep them updated.
  6. Make sure you have some kind of security software installed that uses behavior detection or whitelisting technology. Whitelisting can be painstaking to train, but if you are willing to stick with it, it gives the largest payoff.
  7. Use strong passwords and do not reuse the same password at multiple sites.

Read more…

From the original article: When the ransomware runs, it clears the Windows shadow volume copies, terminates database processes, and disables automatic repair. The processes that are terminated are sql.exe, sqlite.exe, and oracle.com, and the commands that are executed are:

Once these commands are executed, the ransomware scans the computer for files to encrypt.
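As an added example (not code from the article or from this blog), here is simple detection logic in Python that flags the three behaviours described above in constructed process-creation log lines and reports any parent process that shows more than one of them. The command patterns are the standard Windows commands for deleting shadow copies, killing processes and disabling automatic repair, an assumption of this example since the article's own command list is not reproduced on this page.

```python
import re
from dataclasses import dataclass

# Each rule pairs a behaviour from the write-up with a command-line pattern.
# Patterns are the standard Windows commands for the action (assumed here,
# not the article's own list). Matching is case-insensitive.
DB_PROCESSES = ("sql.exe", "sqlite.exe", "oracle")
RULES = [
    ("shadow_copy_deletion",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b"
                r"|\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("db_process_termination",
     re.compile(r"\btaskkill(\.exe)?\b.*/im\s+("
                + "|".join(re.escape(p) for p in DB_PROCESSES) + ")", re.I)),
    ("auto_repair_disabled",
     re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
]

@dataclass
class Finding:
    behaviour: str
    parent: str
    commandline: str

def parse_event(line):
    """Parse a constructed 'Key=value|Key=value' process-creation record."""
    return dict(part.split("=", 1) for part in line.strip().split("|") if "=" in part)

def detect(lines):
    """Return one Finding per log line whose command line matches a rule."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        cmd = ev.get("CommandLine", "")
        for name, pattern in RULES:
            if pattern.search(cmd):
                findings.append(Finding(name, ev.get("ParentImage", "?"), cmd))
    return findings

def triage(lines):
    """Group findings by parent process; a parent showing two or more of the
    behaviours is the combination the write-up describes, so only those are kept."""
    by_parent = {}
    for f in detect(lines):
        by_parent.setdefault(f.parent, set()).add(f.behaviour)
    return {p: sorted(b) for p, b in by_parent.items() if len(b) >= 2}

# Constructed sample log lines (not taken from the page); info.exe is the
# post-restart process name the write-up mentions.
SAMPLE_LOG = [
    "Image=C:\\Windows\\System32\\vssadmin.exe|ParentImage=C:\\Users\\victim\\info.exe|CommandLine=vssadmin.exe Delete Shadows /All /Quiet",
    "Image=C:\\Windows\\System32\\taskkill.exe|ParentImage=C:\\Users\\victim\\info.exe|CommandLine=taskkill /F /IM sql.exe",
    "Image=C:\\Windows\\System32\\bcdedit.exe|ParentImage=C:\\Users\\victim\\info.exe|CommandLine=bcdedit /set {default} recoveryenabled No",
    "Image=C:\\Windows\\System32\\taskkill.exe|ParentImage=C:\\Windows\\explorer.exe|CommandLine=taskkill /F /IM notepad.exe",
]

if __name__ == "__main__":
    for parent, behaviours in triage(SAMPLE_LOG).items():
        print(parent, "->", ", ".join(behaviours))
```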

thumbnail courtesy of bleepingcomputer.com.

If you would like to receive more of these curated safe harbor news alerts, subscribe to my mailing list, and come back soon to https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries.