WinRarer is the latest ransomware that uses the encryption of the popular WinRar program to encrypt users’ files. If the virus gets into your system, it will lock your important files in a single .ace archive that is protected with a password. The password seems to be extremely long, to prevent you from cracking it easily with a brute-force program. To see how to remove this ransomware and what ways you can try to restore your files, read the article carefully.
|Short Description||The ransomware will lock your files in an archive and display a ransom note with instructions for payment.|
|Symptoms||The ransom note is also a screen locker and all encrypted files are locked in an .ace password protected archive.|
|Distribution Method||Spam Emails, Email Attachments, Executables|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.|
WinRarer Ransomware – Infection
The WinRarer ransomware can enter your personal computer in various ways. Interestingly enough, the malicious payload file can hide inside torrents for games. One such example is Battlefield 1 and games that run Denuvo protection, as pirated versions can always be filled with malware. The protection makes such games harder to crack, so when a working version appears, people rush to download it. Another example of such distribution is the MM Locker Ransomware.
That way of infecting users does not exclude others being in play. The payload file might be spread via spam e-mails as an attachment that is made to look like something important. Opening the attached file will infect your PC. The WinRarer ransomware might also infect your system by delivering its payload via social media and file-share networks. Refrain from opening files from suspicious sources, e-mails or links. Scan such files with a security tool first, and check their size and signature. You should read the ransomware prevention tips from the topic in the forum.
WinRarer Ransomware – Details
A ransomware cryptovirus named WinRarer has surfaced on the Web. The virus uses WinRar to encrypt your files. Other ransomware viruses of this type have been seen in the past, but this one actually uses the name of the archiving tool.
When the WinRarer ransomware launches its payload, it can create entries in the Windows Registry. Thus, the ransomware can achieve persistence. The registry entries will make the virus start automatically with each boot of the Windows operating system. Your files will become locked in an archive, and after that, the ransom note will lock your desktop screen.
You will be presented with the payment instructions. The following files associated with the ransomware are put on your computer, when the encryption process is done:
The ransom message is spread around directories with encrypted files, and you can see how it looks from here:
The ransom message reads:
Attention : YOUR FILES were LOCKED
What happened ?
Your important files were LOCKED with Winrar
so its now unusable and unreadable,
The only way to get your files back is to pay us.
Otherwise, your files will be useless
How can I get my files back?
The only way to restore them to a normal condition is to use our
site to decrypt your key to get the password
follow the flowing steps to enter our site :
1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2. After a successful installation, run the browser and wait for initialization.
3. Go to this site ( paste it in the url address ) : pgzhzhje5v7dzrcr.onion
4. Copy your id from the bottom of the page to paste in the site.
your id is : [Redacted]
On top of that, there is a file called RecoverYourFiles.jpg, which also serves as a screen locker and shows the following image on your desktop:
The file reads:
YOUR FILES LOCKED
WHAT HAPPENED ?
YOUR IMPORTANT FILES WERE LOCKED WITH WINRAR
SO ITS NOW UNUSABLE AND UNREADABLE,
THE ONLY WAY TO GET YOUR FILES BACK IS TO PAY US.
OTHERWISE, YOUR FILES WILL BE LOST.
HOW CAN I GET MY FILES BACK?
THE ONLY WAY TO RESTORE THEM TO A NORMAL CONDITION IS TO USE OUR
SITE TO DECRYPT YOUR KEY TO GET THE PASSWORD
FOLLOW THE FLOWING STEPS TO ENTER OUR SITE:
1. DOWNLOAD AND INSTALL TOR-BROWSER: HTTP://WWW.TORPROJECT.ORG
2. AFTER A SUCCESSFUL INSTALLATION, RUN THE BROWSER AND WAIT FOR INITIALIZATION.
3. GO TO THIS SITE USING TOR BROWSER ONLY: [Redacted]
4. COPY YOUR ID FROM RECOVERYOURFILES.HTM FILE AND PASTE IT IN THE SITE
IF YOU ARE LOOKING FOR A JOB ENTER THE SITE AND GET YOUR OWN LOCKER
You are not given a specific deadline for paying or contacting the cybercriminals. The note with instructions just states that your only option is to pay to recover your files. That is not true. Besides, you should NOT contact the cyber crooks or pay the ransom, as you will fund criminal activity. Not only that, but there is no guarantee that your files will become accessible again if you do pay. Furthermore, the criminals will probably use the money for a new ransomware project.
The WinRarer ransomware locks your files by using WinRar. Your files are placed in a single .ace archive. That archive is password-protected, and the key used for it is very long, which keeps simple brute-force tools from being effective. Documents, drivers, photos, databases and many other file types will be among the locked files. WinRar uses the AES encryption algorithm with 128 bits, so your files are in fact encrypted.
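A triage sketch for the artifacts named above, added here as an example and not taken from the original article: it walks a folder for the RecoverYourFiles.jpg and RecoverYourFiles.htm notes and for ACE archives. Recognising archives by the `**ACE**` signature at byte offset 7 is an assumption based on the ACE format rather than something the article states, and the sample tree is constructed.

```python
import os
import tempfile

NOTE_NAMES = {"recoveryourfiles.jpg", "recoveryourfiles.htm"}  # from the notes
ACE_MAGIC, ACE_MAGIC_OFFSET = b"**ACE**", 7  # signature and its byte offset


def is_ace_archive(path):
    """True if the file carries the ACE signature, whatever its extension."""
    try:
        with open(path, "rb") as fh:
            fh.seek(ACE_MAGIC_OFFSET)
            return fh.read(len(ACE_MAGIC)) == ACE_MAGIC
    except OSError:
        return False  # unreadable or locked file: skip it and keep walking


def triage(root):
    """Walk root and return (ransom_notes, ace_archives, ace_named_only)."""
    notes, archives, named_only = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() in NOTE_NAMES:
                notes.append(path)
            elif is_ace_archive(path):
                archives.append(path)  # matched on content, not on the name
            elif name.lower().endswith(".ace"):
                named_only.append(path)  # extension matches, content does not
    return sorted(notes), sorted(archives), sorted(named_only)


def build_sample_tree(root):
    """Constructed sample data: fake ACE headers, a note and a decoy."""
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    fake_header = b"\x00" * ACE_MAGIC_OFFSET + ACE_MAGIC + b"\x00" * 16
    samples = {"locked.ace": fake_header, "renamed.bin": fake_header,
               "RecoverYourFiles.htm": b"<html>constructed</html>",
               "notes.ace": b"plain text, not an archive"}
    for name, data in samples.items():
        with open(os.path.join(docs, name), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

Run it read-only against a mounted copy of the affected disk, so the archive that holds the locked files is located without being modified.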
The WinRarer cryptovirus is very likely to erase the Shadow Volume Copies from the Windows operating system by using the following command:
→vssadmin.exe delete shadows /all /Quiet
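Detection logic for the command quoted above, run over process-creation command lines; this is an added example, not code from the original article. The event records are constructed, and the matcher generalises slightly beyond the quoted form by accepting any letter case, switch order, a full path to vssadmin, and a `cmd.exe /c` wrapper.

```python
import re

# Constructed process-creation records: (timestamp, host, command line).
SAMPLE_EVENTS = [
    ("2016-11-02T10:14:07", "PC-01", "vssadmin.exe delete shadows /all /Quiet"),
    ("2016-11-02T10:15:30", "PC-01",
     r'"C:\Windows\System32\VSSADMIN.EXE"  Delete Shadows /QUIET /All'),
    ("2016-11-02T10:16:00", "PC-02", "vssadmin list shadows"),
    ("2016-11-02T10:17:12", "PC-02",
     'cmd.exe /c "vssadmin.exe delete shadows /all /quiet"'),
    ("2016-11-02T10:18:45", "PC-03",
     r"notepad.exe C:\notes\vssadmin delete shadows.txt"),
]

TOKEN = re.compile(r'[^\s"]+')  # whitespace-separated words, quotes dropped


def shadow_delete_switches(cmdline):
    """Return the switches passed to 'vssadmin delete shadows', or None."""
    tokens = [t.lower() for t in TOKEN.findall(cmdline)]
    for i, tok in enumerate(tokens):
        base = tok.rsplit("\\", 1)[-1]  # strip any directory prefix
        if base in ("vssadmin", "vssadmin.exe") and \
                tokens[i + 1:i + 3] == ["delete", "shadows"]:
            return {t for t in tokens[i + 3:] if t.startswith("/")}
    return None


def detect(events):
    """Return (timestamp, host, severity) for every shadow-copy deletion."""
    alerts = []
    for timestamp, host, cmdline in events:
        switches = shadow_delete_switches(cmdline)
        if switches is None:
            continue
        # /all together with /quiet removes every shadow copy without a
        # prompt, which is the exact form quoted in the article.
        severity = "high" if {"/all", "/quiet"} <= switches else "medium"
        alerts.append((timestamp, host, severity))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(*alert)
```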
Read more to see what types of methods you can try to restore parts of your data.
Remove WinRarer Ransomware and Restore Your Files
If your computer got infected with the WinRarer ransomware virus, you should have some experience in removing malware. You should get rid of this ransomware as fast as possible before it can have the chance to spread further and infect more computers. You should remove the ransomware and follow the step-by-step instructions guide given below. To see ways that you can try to recover your data, see the step titled 2. Restore files encrypted by WinRarer.
Manually delete WinRarer from your computer
Note! Important information about the WinRarer threat: Manual removal of WinRarer requires changes to system files and registries, which can damage your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.