The Ritzer ransomware is a new arrival in the lineup of Chaos ransomware clones.
The new strain called Ritzer behaves largely as you would expect - it encrypts most files on the victim system, leaving files essential to the functioning of the OS intact and encrypting media, document, archive and database extensions.
Once encrypted, files affected by the Ritzer ransomware receive the ".ritzer" extension appended after their original one. This means that a file formerly named "waterfall.jpg" will transform into "waterfall.jpg.ritzer" following encryption.
The ransom note is deposited inside a plain text file called "read_it.txt" and does not contain a specific sum, only asking for Bitcoin as a payment method. The full text of the note goes as follows:
'Don't worry, you can return all your files!
All your files like documents, photos, databases and other important are encrypted
What guarantees do we give to you?
You can send 3 of your encrypted files and we decrypt it for free.
You must follow these steps To decrypt your files :
Write on our e-mail apivovarov453 at protonmail dot com( In case of no answer in 24 hours check your spam folder
or write us to this e-mail: apivovarov453 at protonmail dot com)
Obtain Bitcoin (You have to pay for decryption in Bitcoins.
After payment we will send you the tool that will decrypt all your files.)'