How to Detect & Remove ROGER Ransomware
The ROGER ransomware is a strain of file-encrypting malware that was discovered by security researchers. It belongs to the broader family of Crysis/Dharma ransomware variants. Even though the ROGER ransomware itself is not a top-level hierarchical representative of a big ransomware variant group, there have been a number of variants of the ROGER strain, using different contact emails and likely operated by different cybercriminal affiliates.
The ROGER ransomware will encrypt practically all files on a target system, leaving only system-essential files intact. Encrypted files will receive a complex, multi-string extension, consisting of the ID of the victim, the contact email of the ransomware operator and the ".ROGER" extension.
This means that a file that was originally named "image.jpg" will turn into "image.jpg.id-[alphanumeric string].[Pexdatax@gmail dot com].ROGER.
The ransom note is dropped inside a plain-text file named "FILES ENCRYPTED.txt" that is created on the desktop. Additionally, a pop-up window is displayed when encryption completes, showing the ransom demands.
The text displayed in the pop-up window goes as follows:
YOUR FILES ARE ENCRYPTED
Don't worry,you can return all your files!
If you want to restore them, follow this link:[onion address]/?ticket=[alphanumeric string]
Use Tor Browser to access this address.
If you have not been answered via the link within 12 hours, write to us by e-mail:Pexdatax at gmail dot com
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.