Get a fast solution to remove Rorschach Ransomware and get technical assistance with decryption of encrypted files. Download an effective removal tool and perform a full scan of your PC.
What is Rorschach Ransomware
Rorschach Ransomware, also known as BabLock, is a sophisticated strain of ransomware that specifically targets small and medium-sized businesses, as well as industrial companies. Upon infection, it encrypts various file types and appends a unique identifier to each filename: a random string of characters followed by a two-digit number ranging from 00 to 98. For example, a file such as report.docx might be renamed to report.docx.yhdbgt.23. This nefarious ransomware employs a highly effective hybrid cryptography scheme that combines curve25519 key exchange with the eSTREAM stream cipher HC-128. Such an encryption process not only makes the files inaccessible but also ensures that it is incredibly challenging for victims to recover their data without the attackers' key. Victims receive a _r_e_a_d_m_e.txt ransom note, typically placed in the same directories as the encrypted files, that outlines the situation, threatens further attacks, and provides contact information for the cybercriminals.
Decryption ID: -
Hi, since you are reading this it means you have been hacked.
In addition to encrypting all your systems, deleting backups, we also downloaded your confidential information.
Here's what you shouldn't do:
1) Contact the police, FBI or other authorities before the end of our deal.
2) Contact the recovery company so that they would conduct dialogues with us. (This can slow down the recovery, and put our communication to naught). Don't go to recovery companies, they are essentially just middlemen who will make money off you and cheat you. We are well aware of cases where recovery companies tell you that the ransom price is 5 million dollars, but in fact they secretly negotiate with us for 1 million dollars, so they earn 4 million dollars from you. If you approached us directly without intermediaries you would pay 5 times less, that is 1 million dollars.
3) Do not try to decrypt the files yourself, as well as do not change the file extension yourself !!! This can lead to the impossibility of their decryption.
Here's what you should do right after reading it:
1) If you are an ordinary employee, send our message to the CEO of the company, as well as to the IT department.
2) If you are a CEO, or a specialist in the IT department, or another person who has weight in the company, you should contact us within 24 hours by email.
If you do not pay the ransom, we will attack your company again in the future. In a few weeks, we will simply repeat our attack and delete all your data from your networks, WHICH WILL LEAD TO THEIR UNAVAILABILITY!
As a guarantee that we can decrypt the files, we suggest that you send several files for free decryption.
Mails to contact us (write the decryption ID in the title of your message):
1) wvpater@onionmail.org
2) wvpater1@onionmail.org
The ransom note stresses the seriousness of the situation, claiming that all backups have been deleted and confidential information has been exfiltrated. It warns victims against involving law enforcement or recovery companies and against attempting decryption themselves, claiming this could make the files unrecoverable. No legitimate decryption tool is currently available for Rorschach ransomware, which makes recovery particularly difficult for affected users. Paying the ransom is not recommended, as there is no guarantee that the attackers will provide the decryption key. For those impacted, restoring from backups, if any survive, is the best course of action. Users may attempt data recovery with third-party file-recovery tools, but success is not assured given the strength of the encryption employed. In the absence of any substantial decryption assistance, improving overall cyber hygiene and maintaining regular, offline backups remain critical to combating future ransomware threats.
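As an added example (not from the original page, and not a vendor removal tool), the following Python script turns the two indicators described above, the name.randomstring.NN file suffix with NN between 00 and 98 and the _r_e_a_d_m_e.txt note, into a quick triage of a directory tree. The assumption that the random string is 4 to 12 lowercase letters is taken from the page's single yhdbgt example and is not a documented property of the malware; the sample directory the script builds is constructed for the demonstration and contains no real malware.

```python
import os
import re
import tempfile
from collections import Counter

# Naming scheme described on the page: <original name>.<random string>.<two-digit number 00-98>.
# ASSUMPTION: the random string is modelled as 4-12 lowercase letters, based only on the
# page's "yhdbgt" example; adjust the character class if a real incident shows otherwise.
SUFFIX_RE = re.compile(r"^(?P<orig>.+)\.(?P<tag>[a-z]{4,12})\.(?P<num>\d{2})$")
NOTE_NAME = "_r_e_a_d_m_e.txt"  # ransom note file name stated on the page


def parse_encrypted_name(name):
    """Return (original_name, tag, number) when `name` fits the scheme, else None."""
    m = SUFFIX_RE.match(name)
    if m is None:
        return None
    num = int(m.group("num"))
    if num > 98:  # the page gives the numeric range as 00-98
        return None
    return m.group("orig"), m.group("tag"), num


def triage_directory(root):
    """Walk `root` and summarise files that look encrypted plus any ransom notes found."""
    encrypted, notes, tags = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn == NOTE_NAME:
                notes.append(os.path.join(dirpath, fn))
                continue
            parsed = parse_encrypted_name(fn)
            if parsed is not None:
                encrypted.append(os.path.join(dirpath, fn))
                tags[parsed[1]] += 1  # tally the random-string identifiers seen
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "tags": tags,
        # Both indicators together are a strong signal; either alone still warrants a look.
        "suspicious": bool(encrypted) and bool(notes),
    }


def build_sample_tree():
    """Create a constructed directory tree (plain text files only) for a dry run."""
    root = tempfile.mkdtemp(prefix="rorschach_triage_")
    os.makedirs(os.path.join(root, "sub"))
    sample = [
        "report.docx.yhdbgt.23",                      # looks encrypted
        "budget.xlsx.yhdbgt.07",                      # looks encrypted
        os.path.join("sub", "photo.jpg.yhdbgt.41"),   # looks encrypted, in a subdirectory
        "_r_e_a_d_m_e.txt",                           # ransom note
        "notes.txt",                                  # clean
        "archive.tar.gz",                             # clean: "gz" is not a two-digit number
    ]
    for rel in sample:
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("constructed sample content\n")
    return root


if __name__ == "__main__":
    result = triage_directory(build_sample_tree())
    print("suspicious:", result["suspicious"])
    print("encrypted files:", len(result["encrypted"]))
    print("ransom notes:", result["notes"])
    print("identifier tags seen:", dict(result["tags"]))
```

Run it against a copy or a read-only mount of the suspect data: it only reads file names, never file contents. The tag tally is there so that a responder can confirm that every affected file carries the same identifier before a restore from backup is planned, and so that a mixed set of tags (which the page does not describe) stands out as something to investigate rather than assume.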
How Rorschach Ransomware infects computers
Rorschach ransomware, also known as BabLock, primarily infects computers by exploiting vulnerabilities in externally exposed services, with small and medium-sized businesses as its main targets. One common infection vector is the exploitation of remote code execution (RCE) vulnerabilities, such as those found in email software like Zimbra Collaboration, which gives attackers unauthorized access to the host. Phishing emails containing malicious links or attachments are another prevalent method, tricking users into downloading the ransomware themselves. Malvertising, deceptive advertisements that redirect users to sites hosting the ransomware, also plays a significant role in its distribution. Once executed, Rorschach employs sophisticated techniques, including the creation of Group Policies on Windows Domain Controllers, which lets it spread rapidly across the network. This multifaceted approach to infection underscores the importance of robust cybersecurity measures and user awareness in preventing ransomware attacks.