What is the R0n Ransomware?

R0n is a type of ransomware that encrypts files and appends the victim's ID, email address, and ".r0n" extension to filenames. Our team discovered this malicious software while inspecting malware samples submitted to online threat databases. It is part of the Dharma ransomware family. An example of how R0n renames files is changing "1.jpg" to "1.jpg.id-9ECFA84E. .r0n".

The ransom notes provided by R0n instruct victims to contact ronvest@tutanota.de, jerd@420blaze.it, ronrivest@airmail.cc, or vestroni@tuta.io for instructions on restoring their files; they can also send up to three files for free decryption. The note also warns against attempting to decrypt the files with third-party software as it may lead to permanent data loss.

Ransomware such as R0n has become increasingly common in recent years due to its ability to quickly encrypt large amounts of data and demand payment from victims in exchange for access or decryption keys. To protect against such attacks, users should ensure their systems are up-to-date with the latest security patches and use reliable antivirus software. Additionally, they should regularly back up their data to an external drive or cloud storage service in case of a ransomware attack.

The R0n ransomware full note

The full text of the ransom note used by the R0n ransomware reads as follows:

All your files have been encrypted!
Don't worry, you can return all your files!
If you want to restore them, write to the mail: ronrivest@airmail.cc (ronvest@tutanota.de) YOUR ID -
If you have not answered by mail within 12 hours, write to us by another mail:jerd@420blaze.it
Free decryption as guarantee
Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 3Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Can you restore your files if you were hit by the R0n ransomware?

If you were hit by the R0n ransomware, it is possible to restore your files. The ransom notes provided by R0n instruct victims to contact ronvest@tutanota.de, jerd@420blaze.it, ronrivest@airmail.cc, or vestroni@tuta.io for instructions on restoring their files; they can also send up to three files for free decryption. However, it is important to note that there is no guarantee that the attackers will provide a decryption key or that the data can be recovered even if a payment is made.

In some cases, victims may be able to recover their data without paying the ransom by using third-party software such as Emsisoft Decrypter or Kaspersky's RakhniDecryptor tool. However, this should only be attempted if you are confident in your technical abilities and understand the risks involved with attempting to decrypt your own files. Additionally, these tools may not work for all variants of ransomware and could potentially cause permanent data loss if used incorrectly.

The best way to protect yourself from ransomware attacks is to ensure your systems are up-to-date with the latest security patches and use reliable antivirus software. Additionally, you should regularly back up your data to an external drive or cloud storage service in case of a ransomware attack.

How can you safeguard your files against ransomware attacks similar to the R0n ransomware?

To protect against ransomware attacks such as R0n, users should ensure their systems are up-to-date with the latest security patches and use reliable antivirus software. Additionally, they should regularly back up their data to an external drive or cloud storage service in case of a ransomware attack. This will allow them to restore their files without having to pay the ransom or attempt to decrypt the files themselves. It is also important to be aware of phishing emails and other suspicious activities that could lead to a ransomware infection. Finally, users should avoid downloading software from untrusted sources and keep their operating system and applications updated with the latest security patches.

January 23, 2023