What is RSFDD Ransomware?

What is Ransomware?

Ransomware is a type of malware that encrypts files on a victim's computer or locks the victim out of their device altogether. The attacker then demands a ransom from the victim in exchange for restoring access to their data.

Ransomware is one of the fastest-growing types of cyberattack that enterprises face today. Criminals use ransomware as a means of extortion, and there are hundreds of different types of ransomware out there, including strains that are more aggressive and difficult to eliminate. But even if an attack doesn't result in any monetary losses, it can still cause severe damage.

About RSFDD Ransomware

RSFDD is a ransomware strain. It encrypts all the files on a computer and holds them until the user pays a ransom, and it is delivered through a Win32 EXE file. Files encrypted by RSFDD have a .RSFDD extension appended to the end of their names.
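As an added example (not part of the original article), this Python script triages a directory tree for the appended .RSFDD extension described above and reports the original file names, the affected file types, and the earliest modification time among the hits. The function names and the sample tree with its timestamps are constructed for illustration, and reading the earliest modification time as an approximate start of encryption assumes the timestamps were not altered.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER = ".rsfdd"  # extension the page says RSFDD appends (compared case-insensitively)

def triage(root):
    """Walk root and summarise files whose name ends with the appended marker."""
    hits, original_types, earliest = [], Counter(), None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
                continue  # the marker must be appended to an existing name
            path = os.path.join(dirpath, name)
            original = name[:-len(MARKER)]  # name before the marker was appended
            ext = os.path.splitext(original)[1].lower() or "(none)"
            original_types[ext] += 1
            mtime = os.stat(path).st_mtime  # assumption: not tampered with
            earliest = mtime if earliest is None else min(earliest, mtime)
            hits.append((path, original))
    return {"hits": sorted(hits), "original_types": dict(original_types),
            "earliest_mtime": earliest}

def build_sample_tree(root):
    """Constructed sample data: empty files named like an affected user profile."""
    layout = {
        "Documents/report.docx.RSFDD": 1_700_000_300,
        "Documents/budget.xlsx.rsfdd": 1_700_000_100,
        "Pictures/cat.jpg.RSFDD": 1_700_000_200,
        "Documents/notes.rsfdd.txt": 1_700_000_000,  # marker not at the end: no hit
        "Documents/clean.pdf": 1_700_000_000,
    }
    for rel, mtime in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = triage(tmp)
        for path, original in report["hits"]:
            print(f"{os.path.relpath(path, tmp)} -> original name {original}")
        print("affected types:", report["original_types"])
        first = datetime.fromtimestamp(report["earliest_mtime"], tz=timezone.utc)
        print("earliest modification among hits (UTC):", first.isoformat())
```

Point `triage()` at a mounted copy or image of the affected volume rather than the live system so the scan itself does not change file metadata.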

RSFDD is a ransomware that hides threads from debuggers, creates files inside the user directory, steals IE cookies, queries a list of all running processes, connects to a pastebin service, and performs DNS lookups.

RSFDD Ransomware has also been spotted inside the following files and processes: Pack.exe

RSFDD Ransomware Capabilities

  • Performs DNS lookups
  • Hides threads from debuggers
  • Creates files inside the user directory
  • Steals IE cookies
  • Creates a process in suspended mode, likely to inject code
  • Reads the hosts file
  • Queries a list of all running processes
  • Monitors window changes
  • Uses reg.exe to modify the Windows registry
  • Enumerates the file system
  • Connects to a pastebin service
  • Disables the Windows task manager (taskmgr)
  • Stores files to the Windows startup directory
  • Overwrites Mozilla Firefox settings
  • Queries process information via WMI, Win32_Process
  • Downloads files
  • Contains long sleeps
  • Uses HTTPS for network communication (use the SSL MITM proxy to analyze it)
  • May delete shadow drive data
  • Creates files in the recycle bin to hide itself

How to Protect Against Ransomware?

There are a few things you can do to protect yourself from ransomware. First, make sure that your operating system and all the software on your computer are up to date, so that any flaws that hackers might use to gain access to your computer are patched. Lastly, always have multiple backups of your files.

Reactionary Times News Desk

All breaking news stories that matter to America. The News Desk is covered by the sharpest eyes in news media, as they decipher fact from fiction.