Rar1 Ransomware Asks for Ransom Payment in Monero
Rar1 is the name given to a newly discovered strain of file-encrypting malware. The new variant doesn't seem to belong to any specific larger ransomware family.
Once deployed on a target system, Rar1 encrypts the files stored there, rendering them unusable. Affected extensions include popular media, archive, document and database file types.
Unlike most other ransomware variants, Rar1 completely replaces the names of encrypted files with alphanumeric strings of seemingly random length, then appends the ".rar1" extension to the new base name. The length of the new name does not appear to correlate with the length of the original file name.
The ransomware drops its ransom note in a file named "READ_TO_DECRYPT.txt". The note demands payment in cryptocurrency, specifically 2 Monero (XMR) coins.
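As an added defender-side example (not code from the article or from any vendor tool), the following Python script turns the indicators above into a triage check: it walks a directory tree, reports any READ_TO_DECRYPT.txt note, flags every .rar1 file whose base name matches the random alphanumeric renaming pattern, and measures byte entropy to separate genuine ciphertext from files that merely carry the extension. The sample directory it builds is constructed test data, and the entropy threshold of 7.5 bits per byte is an assumption of this example, not something the article states.

```python
"""Added triage helper (not from the article): walk a directory tree and flag
files that match the Rar1 renaming pattern, locate its ransom note, and check
whether candidate files have the high byte entropy expected of ciphertext."""
import json
import math
import os
import random
import re
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the article.
RAR1_EXTENSION = ".rar1"
RANSOM_NOTE_NAME = "READ_TO_DECRYPT.txt"
# Rar1 renames files to alphanumeric strings of arbitrary length before appending the extension.
RANDOM_BASENAME = re.compile(r"[A-Za-z0-9]+")


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for constant data, close to 8.0 for ciphertext)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def is_high_entropy(path: Path, sample_size: int = 4096, threshold: float = 7.5) -> bool:
    """Read the first sample_size bytes; treat >= threshold bits/byte as likely encrypted.
    The 7.5 threshold is an assumption. Files shorter than 256 bytes give unreliable
    estimates and are reported as False."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if len(head) < 256:
        return False
    return shannon_entropy(head) >= threshold


def scan_tree(root) -> dict:
    """Return ransom-note locations and every *.rar1 file with two triage flags:
    random_name (base name matches Rar1's alphanumeric pattern) and high_entropy."""
    root = Path(root)
    findings = {"ransom_notes": [], "encrypted": []}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            rel = p.relative_to(root).as_posix()
            if name == RANSOM_NOTE_NAME:
                findings["ransom_notes"].append(rel)
            elif p.suffix.lower() == RAR1_EXTENSION:
                findings["encrypted"].append({
                    "path": rel,
                    "random_name": RANDOM_BASENAME.fullmatch(p.stem) is not None,
                    "high_entropy": is_high_entropy(p),
                })
    findings["ransom_notes"].sort()
    findings["encrypted"].sort(key=lambda f: f["path"])
    return findings


def build_sample_tree(base) -> Path:
    """Constructed sample data (not a real infection): a ransom note, two files renamed
    the way the article describes, one untouched document and two edge cases."""
    base = Path(base)
    rng = random.Random(1234)
    pseudo_ciphertext = bytes(rng.getrandbits(8) for _ in range(4096))
    docs, pics = base / "Documents", base / "Pictures"
    docs.mkdir(parents=True)
    pics.mkdir(parents=True)
    (docs / RANSOM_NOTE_NAME).write_text("Your files have been encrypted\n")
    (docs / "k8ZqP1xT.rar1").write_bytes(pseudo_ciphertext)        # random name, ciphertext-like
    (docs / "Q7.rar1").write_bytes(pseudo_ciphertext)              # short random name
    (docs / "budget.xlsx").write_text("quarter,amount\nQ1,100\n")  # untouched file, ignored
    (pics / "holiday photo.rar1").write_bytes(b"A" * 4096)         # extension only, low entropy
    (pics / "tiny.rar1").write_bytes(b"0123456789")                # too short to score
    return base


def demo() -> dict:
    """Build the sample tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_tree(build_sample_tree(tmp))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Point `scan_tree` at a mounted image or a file share to get a list of note locations and candidate files; entries with both flags set are the ones worth prioritising, while an entry with `random_name` false or `high_entropy` false is a hint that the extension alone is not proof of encryption.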
The full ransom note reads as follows:
Your files have been encrypted
Send 2 XMR to the following wallet [alphanumeric string]
And after pay contact a94673838 at proton dot me
Get the password to decrypt the file
Your machine code is :