Rumba Ransomware

 

Systems Affected


All versions of Windows including Windows 7, Windows 8.1 and Windows 10

Threat Level


High


Overview


Rumba is ransomware that restricts access to your data by encrypting files and then attempts to extort money from victims by demanding a "ransom", in the form of Bitcoin cryptocurrency, in exchange for access to the data.


Description


The Rumba ransomware is distributed via spam email containing infected attachments or by exploiting vulnerabilities in the operating system and installed software. The majority of reported incidents indicate that the ransomware was hidden behind freeware such as free video editing software, as well as corrupted links and torrents. It can also pose as a fake system or program update. It may also arrive in spam emails that appear legitimate on the surface, for example purporting to come from a well-known company, whose contents urge you to click a link or download an attachment.
Once Rumba ransomware is installed on your computer, it creates a randomly named executable in the %AppData% or %LocalAppData% folder. This executable is launched and begins to scan all the drive letters on your computer for data files to encrypt. The Rumba ransomware searches for files with certain file extensions to encrypt, including important productivity documents such as .doc, .docx, .xls and .pdf, among others. It renames each encrypted file with the .Rumba extension.
Once your files are encrypted, the ransomware creates a _openme.txt ransom note in each folder in which a file has been encrypted, and on the Windows desktop. These notes contain instructions on how to contact the cyber criminals and get your files back.
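As an added example (not part of the CERT advisory), the following Python triage helper scans a file listing for the indicators described above: files renamed with .Rumba, _openme.txt notes, and an executable sitting directly under %AppData% or %LocalAppData%. It assumes the original extension is kept in front of .Rumba (e.g. report.docx.Rumba) and runs over a constructed sample listing, not data from a real incident.

```python
# Added example, not from the advisory: triage a list of file paths for the
# Rumba indicators described above so an affected host can be scoped quickly.
from pathlib import PureWindowsPath

RANSOM_NOTE = "_openme.txt"
ENCRYPTED_EXT = ".rumba"                       # compared case-insensitively
DROP_DIRS = ("appdata\\roaming", "appdata\\local")  # %AppData%, %LocalAppData%


def triage(paths):
    """Return a summary of Rumba indicators found in an iterable of paths."""
    encrypted, notes, droppers = [], [], []
    for raw in paths:
        p = PureWindowsPath(raw)
        name = p.name.lower()
        parent = str(p.parent).lower()
        if name == RANSOM_NOTE:
            notes.append(str(p.parent))
        elif name.endswith(ENCRYPTED_EXT):
            encrypted.append(str(p))
        # A randomly named .exe directly in an AppData root matches the
        # dropper location the advisory describes.
        elif name.endswith(".exe") and parent.endswith(DROP_DIRS):
            droppers.append(str(p))
    folders = sorted({str(PureWindowsPath(f).parent) for f in encrypted} | set(notes))
    # Assumption: the original extension precedes ".Rumba" (report.docx.Rumba -> .docx)
    orig_exts = sorted({PureWindowsPath(f[:-len(ENCRYPTED_EXT)]).suffix.lower()
                        for f in encrypted})
    return {
        "infected": bool(encrypted or notes or droppers),
        "encrypted_files": len(encrypted),
        "affected_folders": folders,        # where to focus restore-from-backup
        "original_extensions": orig_exts,   # which document types were hit
        "suspect_droppers": droppers,       # candidates for quarantine/analysis
    }


# Constructed sample listing (hypothetical host, made-up names).
SAMPLE_LISTING = [
    r"C:\Users\alice\AppData\Roaming\xk3jf9qz.exe",
    r"C:\Users\alice\Documents\report.docx.Rumba",
    r"C:\Users\alice\Documents\budget.xls.Rumba",
    r"C:\Users\alice\Documents\_openme.txt",
    r"C:\Users\alice\Desktop\_openme.txt",
    r"C:\Users\alice\Desktop\notes.txt",
    r"C:\Program Files\Vendor\app.exe",
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LISTING).items():
        print(f"{key}: {value}")
```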


Impact


Once infected with the ransomware, users lose access to their files and documents. All the files are encrypted, and to recover them victims are expected to submit the payment and obtain the decryption key.


Solution / Workarounds


  ✦   Ensure you apply all updates on all your computers and devices. It’s particularly important to apply the latest Microsoft updates.
  ✦   Make sure not to download free software from untrusted sources.
  ✦   Do not open suspicious emails, download attachments or click on links you received via emails.
  ✦   Do not run software updates that are prompted by a third-party site. If you do need to update your software, directly get it updated through the vendor’s website.
  ✦   Ensure your anti-virus software is running and up-to-date.
  ✦   Make sure you back up your system. Store your files securely offline.



Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.



© Copyright Sri Lanka CERT|CC. All Rights Reserved.