The .ROLDAT ransomware is a new variant of the STOP/DJVU family. It is very probable that it is made by an inexperienced hacking group as it is based on the base code of the main virus threat. Such customization options are widely available on the underground markets and communities. These samples can be spread using the most common distribution methods.
One of the most popular methods is to coordinate email phishing messages that pose as notifications that have been sent in by services. The attachments and built-in content will lead to the ransomware infection. A similar technique is the creation of malware sites that have been made by the hackers and pose as legitimate and safe destinations: portals, download pages or even search engines. They are hosted on similar sounding domain names and even self-signed or stolen certificates.
Most of the virus threats of the STOP ransomware family can also be caused by interaction with dangerous payload carriers such as setup files of popular end-user software such as system utilities, creativity suites and etc. Likewise in a similar manner the dangerous scripts can be integrated into the most famous file formats: presentations, spreadsheets, text files and databases. When opened by the victims a pop-up message will be presented asking the users to enable the built-in macros which will trigger the .ROLDAT ransomware infection. A popular alternative is the upload of malware browser plugins which are also known as hijackers. They are frequently uploaded to the relevant repositories with fake descriptions, fake reviews and developer credentials.
Usually these infections begin with an advanced information gathering module which will extract certain strings. They can reveal the identity of the victim users which can be used for conducting various crimes including financial abuse and identity theft. The engine can also retrieve machine metrics which can be fed to a special algorithm which will create an unique ID for each affected machine.
The collected information can be used by another module called security bypass which will allow the virus engine to disable the software which can block the proper ransomware behavior pattern. The list of apps that are commonly targeted include anti-virus programs, sandbox environments, firewalls and virtual machine hosts.
As soon as this is done all kinds of system changes can occur. This includes the setting up of the threat as a persistent threat which means that it will start every time the computer is booted. A related mechanism is modification of entries found within the Windows Registry. It can create new strings for itself and modify already existing ones — this can lead to serious performance issues and data loss. The made infections with the .ROLDAT ransomware may also be used to install other viruses — Trojans, miners and hijackers.
When all changes have been committed the actual ransomware operations will take place. Using a strong cipher target user data will be processed. Like previous STOP family samples a built-in list of target file type extensions may be used: documents, archives, backups, music, videos, images and etc. In the end the .ROLDAT extension will be applied to them. An associated ransomware note will be created in order to coerce the victims into paying the hackers a decryption fee.
|Short Description||The ransomware encrypts files on your computer machine and demands a ransom to be paid to allegedly restore them.|
|Symptoms||The ransomware will blackmail the victims to pay them a decryption fee. Sensitive user data may be encrypted by the ransomware code.|
|Distribution Method||Spam Emails, Email Attachments|
|Detection Tool|| See If Your System Has Been Affected by .ROLDAT Ransomware |
Malware Removal Tool
|User Experience||Join Our Forum to Discuss .ROLDAT Ransomware.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
.ROLDAT Ransomware – Update
The good news for all victims of STOP .ROLDAT ransomware is that the security researcher Michael Gillespie has found a flaw in the code of this variant and released an updated version of his STOP ransomware decrypter.
So the moment you remove all malicious files and objects from your infected system you can enter our data recovery guide where you will find a download link for the free .ROLDAT decryption tool and learn how to proceed with the decryption process.
Have in mind that the tool is designed to support specific offline IDs, so it may not be effective for all occasions of .ROLDAT ransomware infections.
.ROLDAT Ransomware – What Does It Do?
.ROLDAT Ransomware could spread its infection in various ways. A payload dropper which initiates the malicious script for this ransomware is being spread around the Internet. .ROLDAT Ransomware might also distribute its payload file on social media and file-sharing services. Freeware which is found on the Web can be presented as helpful also be hiding the malicious script for the cryptovirus. Read the tips for ransomware prevention from our forum.
.ROLDAT Ransomware is a cryptovirus that encrypts your files and shows a window with instructions on your computer screen. The extortionists want you to pay a ransom for the alleged restoration of your files. The main engine could make entries in the Windows Registry to achieve persistence, and interfere with processes in Windows.
The .ROLDAT Ransomware is a crypto virus programmed to encrypt user data. As soon as all modules have finished running in their prescribed order the lockscreen will launch an application frame which will prevent the users from interacting with their computers. It will display the ransomware note to the victims.
You should NOT under any circumstances pay any ransom sum. Your files may not get recovered, and nobody could give you a guarantee for that.
The .ROLDAT Ransomware cryptovirus could be set to erase all the Shadow Volume Copies from the Windows operating system with the help of the following command:
→vssadmin.exe delete shadows /all /Quiet
If your computer device was infected with this ransomware and your files are locked, read on through to find out how you could potentially restore your files back to normal.
Remove .ROLDAT Ransomware
If your computer system got infected with the .ROLDAT Files ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.