Rejg Ransomware is a New STOP Ransomware Variant Threatening to Lock Your Files

Cryptocurrency has gained popularity among hackers, who use it to monetize their efforts. The most recent example is the return of the Rejg ransomware. It is a file-encryption Trojan that encrypts its victims' data and then offers to sell them a decryption tool in exchange for cryptocurrency such as Bitcoin. With this approach, victims either pay up or lose their files, and the cybercriminals profit from those who pay. It is unclear how many people have fallen victim to this malware, but one thing is for sure: the Rejg Ransomware uses a file-locking mechanism that cannot be cracked for free.

Currently, victims of the Rejg Ransomware can only restore their files reliably through a backup. If a backup is not available, we recommend using reputable data recovery software, which might be able to salvage some of your files. What we do not recommend is listening to the cybercriminals – co-operating with them and sending them money is a terrible idea. Users who pay are likely to get scammed.

The Rejg Ransomware has been identified as a version of the STOP Ransomware, and its properties are similar to those of that infamous ransomware family. It appends the '.rejg' extension to the names of the files it encrypts and then drops a ransom note named '_readme.txt'. The attackers' message states that:

  • The ransom sum is $490, but it will be doubled if the victim does not pay in the next 72 hours.
  • The criminals offer to unlock 1-2 small files for free.
  • The criminals use the emails helpmanager@airmail.cc and helpteam@mail.ch.

Ignore the offer of the perpetrators, and proceed to run an antivirus tool to remove the ransomware permanently. After this step is completed, use the data recovery options mentioned above.
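To scope the damage before restoring from a backup, the indicators above (the '.rejg' extension, the '_readme.txt' note and the two contact addresses) can be turned into a small triage script. The following is an added example, not part of the original article; the function names, the case-insensitive matching and the sample directory tree are assumptions made for illustration.

```python
import os
import tempfile

# Indicators taken from the article above.
LOCKED_EXT = ".rejg"
NOTE_NAME = "_readme.txt"
CONTACTS = ("helpmanager@airmail.cc", "helpteam@mail.ch")


def triage(root):
    """Return (locked, notes): locked path -> original name; note path -> contacts found."""
    locked, notes = {}, {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            lower = name.lower()  # assumption: match case-insensitively
            if lower.endswith(LOCKED_EXT) and len(name) > len(LOCKED_EXT):
                # Strip the appended extension to get the name to look for in a backup.
                locked[path] = name[: -len(LOCKED_EXT)]
            elif lower == NOTE_NAME:
                try:
                    with open(path, encoding="utf-8", errors="replace") as fh:
                        text = fh.read(65536).lower()
                except OSError:
                    text = ""  # unreadable note: still report its location
                notes[path] = [c for c in CONTACTS if c in text]
    return locked, notes


def build_sample_tree(root):
    """Constructed sample data: two locked files, one note, one clean file."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    for name in ("report.docx.rejg", "photo.JPG.REJG", "untouched.txt"):
        with open(os.path.join(docs, name), "wb") as fh:
            fh.write(b"constructed sample bytes")
    with open(os.path.join(docs, NOTE_NAME), "w", encoding="utf-8") as fh:
        fh.write("constructed note text, contact helpmanager@airmail.cc\n")
    return docs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        locked, notes = triage(build_sample_tree(tmp))
        for path, original in sorted(locked.items()):
            print(f"restore from backup: {original}  (locked copy: {path})")
        for path, contacts in notes.items():
            print(f"ransom note: {path}  contacts seen: {contacts}")
```

Pointing triage() at a real directory produces the list of original file names to pull from backup; it only reads the ransom notes and modifies nothing.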

May 6, 2021