The Rijndael Ransomware may be contained in files named ‘BitcoinMiner.exe’ and ‘r4ns0mw4r3.exe’ and seems to be the work of a coder who goes by the online handle ‘humanpuff69.’ This coder has uploaded YouTube videos with information on how to create rogue security software and clones of CryptoWall. Like most ransomware Trojans, the Rijndael Ransomware is designed to block all access to the victim’s files by encrypting them using a strong encryption algorithm. The files affected by the Rijndael Ransomware will have the file extension ‘.fucked’ appended to the end of each file’s name. The Rijndael Ransomware is capable of encrypting a wide variety of files.
To display its ransom note, the Rijndael Ransomware uses a program window that includes the message below:
‘Deathnote Hackers Was Here !
Your Computer files is encrypted
all files is encrypted with extremely
powerfull new RIDNDAEL encryption
that no one can break except you have
a private string and IVs
To Decrypt Your File You Should Pay Me
0.5 BTC (864.98 USD)
Contact Me : Riptours01@gmail.com
insert your code here:
[TEXT BOX] Decrypt!’
Although it may be impossible to recover the data that is encrypted by Trojans like the Rijndael Ransomware, the Rijndael Ransomware’s decryption key is hard coded into its main executable file, and it has been recovered. Victims can enter the code ‘83KYG9NW-3K39V-2T3HJ-93F3Q-GT’ into the text box included in the Rijndael Ransomware ransom message to restore their files. It is likely that the con artists will update the Rijndael Ransomware to remove this weakness, but for now, it is possible for computer users to recover their files from the attack.
Users can recover their encrypted files from the Max Total Security Backup module.
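An added example, not part of the original write-up: a read-only Python inventory of a directory tree based on the indicators described above (the ‘.fucked’ extension and the two reported executable names), which can be used to check afterwards that every affected file was restored. The function names, report fields and sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the description above.
ENCRYPTED_SUFFIX = ".fucked"
SUSPECT_NAMES = {"bitcoinminer.exe", "r4ns0mw4r3.exe"}


def triage(root):
    """Return (encrypted, suspects) for the tree under root. Read-only."""
    encrypted, suspects = [], []
    for dirpath, _dirs, files in os.walk(root):
        present = {f.lower() for f in files}
        for name in files:
            lower, full = name.lower(), os.path.join(dirpath, name)
            if lower in SUSPECT_NAMES:
                suspects.append(full)  # name match only, not proof of infection
            # A bare ".fucked" has no stem, so nothing was appended to it.
            if lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                original = name[: -len(ENCRYPTED_SUFFIX)]
                encrypted.append({
                    "path": full,
                    "restored_name": original,
                    "size": os.path.getsize(full),
                    # True if the original name also exists here; do not overwrite it.
                    "original_present": original.lower() in present,
                })
    return sorted(encrypted, key=lambda e: e["path"]), sorted(suspects)


def build_sample_tree(root):
    """Constructed sample data: harmless placeholder files only."""
    layout = {
        "docs/report.docx.fucked": b"x" * 10,
        "docs/notes.txt": b"clean",
        "docs/notes.txt.fucked": b"y" * 5,
        "pics/.fucked": b"",
        "Downloads/BitcoinMiner.exe": b"placeholder",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

Running `triage()` before and after recovery and comparing the two lists shows which files still carry the appended extension.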