.Rapid Files Ransomware Virus – How to Remove and Restore Files


This article explains what the .rapid file extension virus is, how to remove this ransomware infection, and how to restore your encrypted files.

A new ransomware virus, known to researchers as Rapid Ransomware, has been detected infecting more and more users in recent days. The malware’s primary purpose is to encrypt the files on your computer and then encrypt each new file that is created, which is something that has not been seen in ransomware before. This entirely new virus aims to slither past standard protection and leave the files on the computer impossible to open until the victim pays a hefty ransom fee. If your files have been encrypted and carry the .rapid file extension, we recommend reading this article to learn how to remove this virus from your PC and try to restore the files it has encrypted.

Threat Summary

Name: Rapid Ransomware
Type: Ransomware, Cryptovirus
Short Description: Encrypts files on your computer and then asks you to contact the hackers via the e-mail frenkmoddy@tuta.io or several other e-mails.
Symptoms: Rapid.exe *32 process running on your Windows Task Manager. Files encrypted with .rapid file extension. A ransom note, named How Recovery Files.txt, dropped on your PC.
Distribution Method: Spam Emails, Email Attachments, Executable files
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

.Rapid Ransomware – Update January 2019

The cybercriminals behind Rapid ransomware have been reported to be liars who do not provide a decryptor tool even when payment is made. In other cases where a decryptor was provided, it decrypted only a few files. This is because the cybercriminals are either unwilling or unable to decrypt users’ files. DO NOT pay anything, as reports released in January 2019 indicate that decryption is broken.

.Rapid Ransomware – How Did I Get Infected

Most cyber-criminals, like the ones behind the Rapid Ransomware virus, aim to infect unsuspecting victims by getting them to open something they believe is legitimate, like:

  • Fake setup of a program you may be looking to download online.
  • Fraudulent game patch, crackfix or software license activator.
  • Fake invoice, order receipt or other type of document.

The cyber-crooks often simply upload the malicious file to several websites, where a victim may land while looking for something to download, such as a favorite movie player, subtitles or anything similar. However, some are more proactive and spam your inbox with fake e-mails that pretend to carry legitimate attachments and contain convincing statements meant to trick you into opening them.

Usually those attachments carry the infection file instead of a document, and this is the main method by which your PC may have been infected with the .rapid files virus.

.Rapid Ransomware – More Information + Activity

Rapid ransomware is a file-encrypting ransomware virus, meaning that it is among the most devastating malware you could encounter. Upon infection, the virus may drop its payload of malicious files on your computer. Of those, malware researchers have so far detected the main executable and the ransom note of the virus in the %AppData% folder:

  • Info.exe
  • How Recovery Files.txt
  • Recovery.txt

In addition to dropping the malicious files, the Rapid ransomware virus makes sure they run automatically when you start your computer by adding the following value to the “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run” registry key of Windows:

→ "Encrypter"="%AppData%\info.exe"
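
A read-only check for the indicators named so far (the dropped files in %AppData%, the "Encrypter" Run value, and the rapid.exe / info.exe processes), as an added example that is not part of the original article or of any vendor tool. The function name `Get-RapidIndicator` and the output column names are assumptions made for this sketch; the file, value and process names come from the article.

```powershell
# Read-only triage for the indicators listed in this article: nothing is stopped or deleted.
# HKCU and %AppData% are per-user, so run this in the affected user's session.
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$dropped = 'info.exe', 'How Recovery Files.txt', 'Recovery.txt'   # file names from the article
$procs   = 'rapid', 'info'                                         # rapid.exe / info.exe
$psMeta  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-RapidIndicator {   # hypothetical helper name
    # 1. Dropped executable and ransom notes in %AppData%
    foreach ($name in $dropped) {
        $path = Join-Path $env:APPDATA $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $file = Get-Item -LiteralPath $path -Force   # -Force also returns hidden files
            [pscustomobject]@{ Kind = 'File'; Item = $file.FullName
                               Detail = "created $($file.CreationTime.ToString('s'))" }
        }
    }

    # 2. Run values: the "Encrypter" name, or any value that launches info.exe
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($p in $run.PSObject.Properties) {
            if ($p.Name -in $psMeta) { continue }   # provider metadata, not registry values
            if ($p.Name -eq 'Encrypter' -or [string]$p.Value -match '\\info\.exe') {
                [pscustomobject]@{ Kind = 'RunValue'; Item = $p.Name; Detail = [string]$p.Value }
            }
        }
    }

    # 3. Running processes. A name match is a lead: confirm the path before acting on it.
    foreach ($proc in Get-Process -Name $procs -ErrorAction SilentlyContinue) {
        [pscustomobject]@{ Kind = 'Process'; Item = "$($proc.ProcessName) (PID $($proc.Id))"
                           Detail = [string]$proc.Path }
    }
}

$hits = @(Get-RapidIndicator)
if ($hits.Count -eq 0) { 'No indicators from the article were found for this user.' }
else { $hits | Format-Table -AutoSize -Wrap }
```

An empty result only covers the current user's profile and registry hive; repeat the check for each account on the machine.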

The Recovery.txt file may be the same as the How Recovery Files.txt ransom note, and both may contain the following ransom message:

All your files have been encrypted by us
If you want restore files write on e-mail {hackers’ e-mail}

The cyber-crooks behind this nasty infection use several e-mail addresses, and ransomware researchers who have received live submissions on the project website Id-Ransoware.com have so far reported the following addresses to be used by the Rapid ransomware hackers:

→ rapid@rape.lol

In addition to contacting the victim via the ransom note, the virus makes sure that you cannot recover the files on the infected computer by permanently deleting all of your volume shadow copies and disabling the recovery service. It does this by running the following commands as an administrator via a malicious script, which may delete itself after execution:

→ bcdedit /set recoveryenabled No
bcdedit /set bootstatuspolicy ignoreallfailures
vssadmin.exe Delete Shadow /All /Quiet
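
Detection logic for these three commands, run over process command lines, as an added example that is not part of the original article. The function name `Find-RecoveryInhibition`, the rule labels and the sample lines are constructed for illustration; in practice the command lines would come from process-creation logging such as Security event 4688 with command-line auditing enabled, or Sysmon event ID 1.

```powershell
# Patterns for the three commands quoted above. -match is case-insensitive by default.
# They tolerate a full path, an optional .exe suffix, and both "Shadow" and "Shadows".
$rules = [ordered]@{
    'Windows recovery disabled' = '\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b'
    'Boot failures ignored'     = '\bbcdedit(\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b'
    'Shadow copies deleted'     = '\bvssadmin(\.exe)?\b.*\bdelete\s+shadows?\b.*/all\b'
}

function Find-RecoveryInhibition {   # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$CommandLine)
    foreach ($line in $CommandLine) {
        foreach ($rule in $rules.GetEnumerator()) {
            if ($line -match $rule.Value) {
                # Emit one record per matching rule so each hit can be alerted on
                [pscustomobject]@{ Rule = $rule.Key; CommandLine = $line }
            }
        }
    }
}

# Constructed sample command lines: four should match, the last two are benign queries.
$sample = @(
    'cmd.exe /c bcdedit /set recoveryenabled No',
    'bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures',
    '"C:\Windows\System32\vssadmin.exe" Delete Shadows /All /Quiet',
    'vssadmin.exe Delete Shadow /All /Quiet',
    'vssadmin.exe list shadows',
    'bcdedit /enum'
)

Find-RecoveryInhibition -CommandLine $sample | Format-Table -AutoSize -Wrap
```

These commands are rarely run on workstations, so a match from a user-writable path or shortly before mass file renames is worth immediate isolation of the host.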

While all of these activities are standard for most ransomware viruses, this one is different. Rapid ransomware not only encrypts the files on your computer, but also runs a background process called rapid.exe, which makes sure every newly added file on your PC is encrypted as well, meaning that you cannot use your computer to store important documents until you remove this threat.

.Rapid Files Virus – Encryption

The encryption procedure of the Rapid ransomware virus uses an advanced encryption mode that aims to make it virtually impossible to directly decrypt the .rapid encrypted files without damaging them. The virus may target only important files that are outside of Windows system folders, like:

  • Documents.
  • Videos.
  • Images.
  • Archives.
  • Virtual Drives.
  • Other often used files.

After the .rapid files virus encrypts the files on your computer, the ransomware may also append the .rapid file extension to them.

Remove Rapid Ransomware and Restore .rapid Encrypted Files

To begin removing this virus, you first need to stop it. Open Windows Task Manager and look for a process named rapid.exe or info.exe that is not running as SYSTEM or Admin. Stop this process by right-clicking on it and clicking End Process or End Task.

Once you have done that, you may follow the Rapid ransomware removal instructions below. They are divided into manual and automatic removal methods. Only remove Rapid ransomware manually if you have done this before and are confident in your abilities; if not, experts strongly advise downloading advanced anti-malware software. It will make sure Rapid ransomware is automatically deleted from your computer and that the computer is completely secure against all threats in the future too.

If you want to restore files that have been encrypted by the .rapid files virus, be advised that you cannot directly decrypt them. Instead, we recommend following the file recovery instructions in step “2. Restore files, encrypted by .Rapid Ransomware” below. They are not 100% effective, but with their aid you may be able to recover some of your important files.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.


1 Comment

  1. Víctor

    How do I recover my files encrypted with .rapid?

