Rodentia Ransomware

What is Rodentia Ransomware?

Rodentia Ransomware is the kind of malware that can instantly ruin your day. If it finds a security crack through which it can slither into your operating system, it might be able to encrypt your personal files. At the time of research, our analysts working in the Anti-Spyware-101.com internal lab did not see the threat encrypting files, but it was found that it is a modified version of the well-known Jigsaw Ransomware, and so it is possible that it could encrypt files successfully. Maybe a bug exists, and maybe it will be fixed in no time. Maybe the infection will remain helpless. In any case, if this infection got into your operating system, it is a good idea to delete it as soon as possible. If you keep reading this guide, you will learn how to remove Rodentia Ransomware, and, hopefully, you will also learn how to secure your operating system and, most importantly, your personal files against threats that could try to attack in the future.

How does Rodentia Ransomware work?

Do you have an idea as to how the malicious Rodentia Ransomware got into your operating system? You might have no clue, but it is believed that this threat is likely to employ spam emails, malicious installers, or RDP vulnerabilities. It is a good idea to educate yourself on Windows vulnerabilities and backdoors that cyber criminals usually use to distribute malware. Keep in mind that, in most cases, disguises and tricks are used to help malware slither in without anyone’s notice. If security software is not installed to safeguard the system, nothing can stop Rodentia Ransomware and similar threats from invading. Once the launcher of this threat is executed, two copies are created to ensure that the infection remains active even after the launcher deletes itself. In our case, a copy named “Drpbx.exe” was created in %LOCALAPPDATA%\Drpbx\ (or %USERPROFILE%\Local Settings\Application Data\Drpbx\), and a copy named “firefox.exe” was created in %APPDATA%\Frfx\. As you can see, the names of these files and the folders containing them are misleading, which is meant to ensure that you do not remove them right away.

Once all elements are in place, Rodentia Ransomware should encrypt files, and the “.fucked” extension should be appended to all of their original names. After that, the threat should open a window with the ransom note inside. This ransom note identifies the infection, informs the victim about the encryption, and then demands that a ransom of at least $20 be paid to a special Bitcoin Wallet in return for decryption. The worst part is that Rodentia Ransomware threatens to remove files if the victim acts a certain way. It is stated that only a few files would be deleted initially, but on days two and three, hundreds and then thousands of files would be deleted. Turning off the computer would result in the removal of files as well. Unfortunately, we cannot guarantee that this is just a trick to make you pay the ransom right away. The ransomware could be capable of erasing your personal files, but if they are encrypted, they are already gone as a working decryptor does not exist, and the attackers are unlikely to provide one after they receive the payment. That being said, if your files are not encrypted, you do not want them erased, do you? This is why removal should be performed as soon as possible.

How to remove Rodentia Ransomware

Ultimately, Rodentia Ransomware is a mysterious threat, and it is quite possible that it was created by amateurs and that it will never become a serious infection. That being said, if it starts invading systems, encrypting files, and then even deleting some of them, you could face big problems. Without a doubt, it is easier to prevent this kind of malware from slithering into your operating system than it is to delete it once it is inside. Therefore, we strongly suggest that you install reliable anti-malware software and back up your files (use external backup, not internal) immediately. If you already need to delete Rodentia Ransomware, use the same anti-malware software to have it eliminated automatically, or follow the manual removal guide below. If you have questions, post them in the comments section right below.

Removal Instructions

N.B. The names of the files could be different on your computer.

  1. Tap Win+E keys to launch Windows Explorer.
  2. Enter %LOCALAPPDATA%\Drpbx\ (or %USERPROFILE%\Local Settings\Application Data\Drpbx\) into the quick access field at the top.
  3. Right-click and Delete the file named Drpbx.exe.
  4. Enter %APPDATA%\Frfx\ into the quick access field.
  5. Right-click and Delete the file named firefox.exe.
  6. Enter %APPDATA%\ into the quick access field.
  7. Right-click and Delete the folder named System32Work.
  8. Tap Win+R keys to launch Run and then enter regedit into the dialog box.
  9. In Registry Editor, move to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
  10. Right-click and Delete the value linked to the %APPDATA%\Frfx\firefox.exe file.
  11. Close all windows and Empty Recycle Bin.
  12. Install a trustworthy malware scanner and use it to perform a thorough system scan.
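
The checks behind steps 2 to 10 can be run as one read-only PowerShell audit before anything is deleted. This is an added example, not part of the original guide; the function name Get-RodentiaArtifact is hypothetical, and the paths and names are the ones reported above, which may differ on your computer.

```powershell
# Added example: read-only check for the artifacts this guide names.
# Paths and names come from the article; they may differ on other systems.
function Get-RodentiaArtifact {   # hypothetical helper name
    $targets = @(
        @{ Path = Join-Path $env:LOCALAPPDATA 'Drpbx\Drpbx.exe'; Kind = 'Leaf' }
        # Legacy location; on newer Windows it can resolve to the same file.
        @{ Path = Join-Path $env:USERPROFILE 'Local Settings\Application Data\Drpbx\Drpbx.exe'; Kind = 'Leaf' }
        @{ Path = Join-Path $env:APPDATA 'Frfx\firefox.exe'; Kind = 'Leaf' }
        @{ Path = Join-Path $env:APPDATA 'System32Work'; Kind = 'Container' }
    )
    foreach ($t in $targets) {
        if (-not (Test-Path -LiteralPath $t.Path -PathType $t.Kind)) { continue }
        $item = Get-Item -LiteralPath $t.Path -Force
        # Hash files so the copies can be matched against scanner results later.
        $detail = if ($t.Kind -eq 'Leaf') {
            (Get-FileHash -LiteralPath $t.Path -Algorithm SHA256).Hash
        } else { 'folder' }
        [pscustomobject]@{ Source = 'FileSystem'; Location = $t.Path
                           Detail = $detail; Created = $item.CreationTime }
    }

    # Steps 9-10: look for the autorun value that points at the Frfx copy.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            $value = [string]$key.GetValue($name)
            if ($value -like '*\Frfx\firefox.exe*') {
                [pscustomobject]@{ Source = 'RunKey'; Location = "$runKey\$name"
                                   Detail = $value; Created = $null }
            }
        }
    }
}

$found = @(Get-RodentiaArtifact)
if ($found.Count -eq 0) {
    'No artifacts from this guide were found.'
} else {
    $found | Format-List
}
```

Save the output before following the steps above, then run the check again afterwards to confirm that nothing is left.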
