A new crypto-ransomware called Rapid Ransomware made the news as the year started. This ransomware is highly malicious and robustly built. After encrypting a device, it continues to encrypt every new file that is created on the device, while simultaneously disabling automatic repairs. This ‘rapid’ behavior makes decrypting the affected files very difficult.
A few days ago, the group behind this ransomware launched V2.0. Although we could not find any significant differences in its encryption module compared with the earlier version, there are some minor changes.
The most noticeable among them is the inclusion of code that detects the system locale of the device before launching its encryption routine. If the system locale of the attacked device is set to Russia, the ransomware does not continue with its encryption activity on the device. This modification may hint at the origin of the developers of this ransomware.
Another change in the latest version of Rapid Ransomware is a slight tweak in how it notifies victims that their files have been locked by a ransomware attack. In earlier versions, users learned of the attack from the ‘.rapid’ extension added to the encrypted files. This extension also told victims which specific ransomware strain had been used to encrypt their files.
In Rapid Ransomware V2.0, however, a long random string is generated in the extensions of encrypted files. In addition, a ransom note appears at the top. The note warns users against using third-party ransomware decryption tools to recover encrypted files, saying that they will otherwise suffer permanent loss of the data.
As in earlier versions, victims are still asked to get in touch with the attackers via email. According to security researchers, there is a chance that Rapid Ransomware V2.0 surfaced by accident, because it is still available with unpacked source code and debugging files, which has helped researchers analyze its code.