Rrcc ransomware is a generic version of the Djvu/STOP ransomware. It will encrypt your personal files, add the .rrcc extension to them, and demand that you pay for their decryption. It’s one of the most recent Djvu versions, but hundreds have been released in the past. Once files have been encrypted, you will not be able to open them unless you first use a special decryptor on them. However, getting the decryptor will be quite difficult. So unless you have a backup, recovering files may not be possible at the moment.
As soon as the ransomware is initiated it will start encrypting your files. It will target photos, videos, images, documents, and all other personal files. Encrypted files will have the .rrcc extension added to them. For example, image.jpg would become image.jpg.rrcc if encrypted. The ransomware will also drop a _readme.txt ransom note that explains how to get the decryptor. The decryptor costs $980 but there supposedly is a 50% discount for those who make contact with the cyber criminals within 72 hours. Regardless of whether the discount part is true or not, paying the ransom is not recommended. You are not guaranteed a decryptor even if you pay because cybercriminals can just take your money and not send anything in return.
Make sure to use anti-malware software to remove Rrcc ransomware from your computer. Manual Rrcc ransomware removal could cause additional damage to your computer because it’s a fairly complex infection. Once the ransomware has been removed, you can connect to your backup and start recovering files. You should also keep the anti-virus program installed to avoid future ransomware attacks. Anti-virus programs that have a ransomware protection feature will not only detect when a malicious file is initiated but will also prevent malicious processes from making changes to files (aka encrypting them).
If you do not have a backup, recovering files may not even be possible at the moment. Your only option is to wait for a free Rrcc ransomware decryptor to be released by malware researchers. However, when, or even if, the decryptor will be released is not certain because Rrcc ransomware uses online keys to encrypt files. This means that the keys are unique to each user, and unless those keys are released by the malware operators, a decryptor is not very likely. Nonetheless, back up your encrypted files and wait for a free Rrcc ransomware decryptor.
How is ransomware distributed?
- Email attachments
Opening malicious email attachments is one of the most common ways users infect their computers with malware. If your email address has been leaked in the past, you’re very likely to receive a malicious email at some point. But fortunately, the emails are quite obvious in most cases. First of all, they are full of grammar and spelling mistakes. Malicious senders usually pretend to be from legitimate/known companies but when the email is full of grammar and spelling mistakes, it becomes quite obvious that the email could be malicious. Malicious emails will also address you with generic words like Customer, Member, User, etc. because they do not know your name. All legitimate emails that require you to do something (e.g. open an attachment, click on a link, etc.) will address you by your name. But in some cases, the emails are more sophisticated, which is why you should always scan unsolicited email attachments with anti-virus software or VirusTotal.
Torrents are a very common way users pick up malware infections. It’s no secret that torrent sites are often quite poorly moderated, and this allows malicious actors to upload torrents with malware in them. When unsuspecting users download the torrent, they unknowingly infect their computers with the malware in it. It’s especially common to find malware in torrents for movies, TV series, video games, and software, as those are the types of torrents users download most often. We strongly advise against pirating using torrents (and pirating in general) because it’s both stealing content and dangerous for your computer/data.
The importance of installing updates and keeping your OS/software up to date cannot be stressed enough. Updates patch discovered vulnerabilities, and not installing them leaves your device vulnerable to attack. Malicious actors often use various vulnerabilities to install malware on target devices, so if you want to avoid that, make sure to install updates in time.
Rrcc ransomware removal
Considering that ransomware is a very complex infection, you shouldn’t try to remove Rrcc ransomware manually. You could accidentally cause additional damage to your computer, or not remove all of the ransomware’s components. This could later allow the ransomware to recover, and if you were connected to your backup at that moment, the backed-up files would become encrypted as well. Thus, we strongly recommend using anti-malware software to remove Rrcc ransomware from the computer. Once the ransomware is fully removed, you can access your backup to start recovering files.
If you do not have a backup, waiting for a free Rrcc ransomware decryptor is your only option at the moment. Back up your encrypted files and store them safely until a free Rrcc ransomware decryptor is released. But we should caution you to be very careful when looking for decryptors because there are many fake ones advertised on questionable forums. NoMoreRansom is a safe source to download decryptors from, and if a Rrcc ransomware decryptor were to be released, it would appear on NoMoreRansom.
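To support the advice above to back up encrypted files and later restore from a backup, the following Python script is an added example, not part of the original article or of any vendor tool. It scans a folder read-only for files carrying the .rrcc extension and for _readme.txt notes, and records the original file name and a SHA-256 for each encrypted file so the stored copies can be verified later; the function names and the sample folder are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".rrcc"   # extension the article says is appended
RANSOM_NOTE = "_readme.txt"  # ransom note name given in the article


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def inventory(root):
    """Read-only scan: return (encrypted-file records, ransom-note paths)."""
    records, notes = [], []
    for full in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        if full.name.lower() == RANSOM_NOTE:
            notes.append(str(full))
        elif full.name.lower().endswith(ENCRYPTED_SUFFIX):
            records.append({
                "encrypted": str(full),
                # image.jpg.rrcc -> image.jpg, the name to look for in a backup
                "original_name": full.name[:-len(ENCRYPTED_SUFFIX)],
                "sha256": sha256_of(full),
            })
    return records, notes


def demo():
    """Scan a constructed sample tree (placeholder bytes, not real ransomware output)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "Pictures").mkdir()
        (base / "Pictures" / "image.jpg.rrcc").write_bytes(b"constructed sample")
        (base / "Pictures" / RANSOM_NOTE).write_text("constructed note")
        (base / "notes.txt").write_text("untouched file")
        return inventory(base)


if __name__ == "__main__":
    found, ransom_notes = demo()
    for rec in found:
        print(rec["sha256"], rec["original_name"], rec["encrypted"])
    print(len(ransom_notes), "ransom note(s) found")
```

On a real machine, call `inventory()` on the affected folder and save the records alongside the backed-up encrypted files.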
Rrcc ransomware is detected as:
- Win32:PWSX-gen [Trj] by Avast/AVG
- Trojan-Banker.Win32.Passteal.ph by Kaspersky
- Artemis!93E23E5BED55 by McAfee
- Trojan:Win32/Floxif.AV!MTB by Microsoft
- TrojanSpy.Win32.REDLINE.YXCEMZ by TrendMicro
- Trojan.GenericKD.49026290 by BitDefender
- Trojan.GenericKD.49026290 (B) by Emsisoft
- Spyware.FFDroider by Malwarebytes