A virus, belonging to the HiddenTear project, named Rush has continued to infect user PCs, adding the .crashed file extension after it encrypts their files. The virus is almost identical with Sanction ransomware with differences being the name, encryption and file extensions used. Rush ransomware uses a strong AES cipher to encode files and demands a ransom payoff of 2 BTC after encoding the files. The ransomware drops a note explaining what happened. It also includes instructions on how to use anonymous networking to pay the ransom money. Security experts strongly advise against making any ransom payoff to the developers of this virus since this may not result in getting your files back and furthermore, you support the cyber-criminals.
|Short Description||The ransomware encrypts files with 256 bit AES algorithm and demands a ransom payoff for decryption.|
|Symptoms||Files get encrypted and become inaccessible with an added .crashed file extension. A ransom message with instructions for paying the ransom is in a file that appears on your desktop.|
|Distribution Method||Spam Emails, Email Attachments, File Sharing Networks|
See If Your System Has Been Affected by Rush
Malware Removal Tool
|User Experience||Join Our Forum to Discuss Rush Ransomware.|
Rush Ransomware – How It Spreads
This type of crypto virus is spread by different means. One of those is by utilizing expensive software to spread spam e-mails, containing a malicious attachment. If such file attachment is opened, the file will automatically activate scripts and drop Rush Ransomware on the infected PC. In some cases, malicious code may be directly written in the e-mail message itself.
Similar to other HiddenTear viruses, like Strictor or Sanction, Rush ransomware may spread in online places with file sharing capability. This group of sites includes file sharing websites, social networking sites and other online domains or programs which support file sharing.
Rush Ransomware – Detailed Information
This virus is put in the ransomware category by malware researchers. When it infects a given machine it may drop its files in different key Windows folders, for example:
- %User’s Profile%
Rush ransomware is also the type of virus that may leave its executables under different names which can vary from completely random to names that are identical to legitimate Windows processes, for example, svchost.exe.
These executables may run when you start Windows. To do this, Rush ransomware may conduct modifications in the Windows Registry Editor. Such modifications may be done in the Run key:
As soon as its malicious encrypting module is ran, Rush ransomware may immediately begin to encrypt the following file types:
The encrypted files are appended the .crashed file extension, for example:
After file encryption, Rush ransomware drops a ransom note, named DECRYPT_YOUR_FILES.HTML and it has the following:
The instructions point out to using bitcoin conversion websites in order to send and untraceable BitCoin payment to the cyber-crooks.
However, users are strongly advised to immediately remove this virus from their computer instead of complying with the cyber-criminals’ demands. Paying the ransom is no guarantee the files will be decrypted.
Remove Rush Ransomware and Restore .Crashed Files
To remove Rush ransomware, we strongly advise you to follow our step-by-step removal instructions outlined below. They are carefully designed to help you manually find and remove files associated with Rush Ransomware. However, if you are experiencing difficulties or are unsure the threat is gone, experts always advise downloading an advanced anti-malware software which will remove permanently Rush ransomware and protect your computer from ransomware like Rush in the future.
To try and restore access to your files we advise using the alternative methods in step “3. Restore files encrypted by Rush Ransomware”.
Manually delete Rush from your computer
Note! Substantial notification about the Rush threat: Manual removal of Rush requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.