Rodentia Ransomware

Rodentia Ransomware is a malicious tool used for money extortion. After settling in, the malware ought to show a ransom note in which it should be stated that all private files were encrypted and they will be deleted one by one until a victim pays a ransom. Our researchers’ tested sample did not encrypt any data, but it could erase files, so users who encounter it should watch out. No doubt, if you do come across a version of Rodentia Ransomware that does not encrypt any files, all you have to do is erase it, and your data should be safe. The instructions showing how to delete it manually are available below and, of course, if you find the process too challenging, we recommend employing a reliable antimalware tool that could eliminate Rodentia Ransomware for you. As for more information on the malicious application, we encourage you to read the rest of this article.

At first, we ought to explain how the malware might end up on your system. Our specialists say Rodentia Ransomware should be spread the same as other similar threats. Probably, the most popular distribution channels for ransomware programs are Spam emails, unreliable file-sharing websites, suspicious pop-ups/notifications, etc. Therefore, it is vital to be careful with questionable material you could encounter while surfing the Internet. It is highly advisable to scan all suspicious email attachments or files downloaded from untrustworthy sources with a reliable antimalware tool. Additionally, users who wish to avoid malware at all costs should remove weaknesses like an outdated operating system or other software, weak passwords, unsecured RDP (Remote Desktop Protocol) connections, and so on.

To settle in Rodentia Ransomware might create a couple of copies of its launcher titled drpbx.exe in the %LOCALAPPDATA%\Drpbx and %USERPROFILE%\Local Settings\Application Data\Drpbx directories. The malicious application itself should create the folder named Drpbx. Victims might think that Drpbx is a shortcut for Dropbox and they might assume the folders and .exe files inside of them belong to this legit tool. Also, the malware may create a file called firefox.exe in the %APPDATA%\Frfx, which again might seem harmless to inexperienced users. Next, our tested version of Rodentia Ransomware attempted to encrypt a victim’s files, which it was supposed to mark with the .fucked extension. As said earlier, the version we tested did not encrypt anything. However, the malicious application still displayed a ransom note, which claimed the threat encrypted data on the infected device.

Moreover, Rodentia Ransomware’s message is supposed to scare victims into paying a ransom as it threatens to delete files it claims to have enciphered permanently. To be more accurate the note explains that: “During the first 24 hour you will only lose a few files, the second day a few hundred, the third day a few thousand, and so on.” Our researchers say the malware should be able to fulfill these threats. As you see, the malicious application is a variant of Jigsaw Ransomware, and threats from this family are known to have this function. If the malware encrypts your data and you have no way to restore it or wish to pay a ransom, the thought of losing locked data might not worry you. On the other hand, if the malicious application does not encrypt files and you can still access them, you may want to stop the threat from doing so.

For those who decide to remove Rodentia Ransomware, we can offer two options. The first one is to erase the malicious application manually. It is crucial to keep in mind that the task could be complicated. Still, if you feel you can handle it, we invite you to follow our prepared deletion instructions located below. In a case the process seems too challenging, we advise installing a reliable antimalware tool instead. Check your system with the selected security tool and click the removal button provided after the scan to eliminate Rodentia Ransomware and other identified threats.

Erase Rodentia Ransomware

1. Click Ctrl+Alt+Delete.
2. Choose Task Manager and select Processes.
3. Find a process belonging to the threat.
4. Mark it and click End Task.
5. Exit Task Manager.
6. Click Win+E.
7. Find these paths:
   %TEMP%
   %USERPROFILE%\Downloads
   %USERPROFILE%\Desktop
8. Locate the malicious application’s launcher (some suspicious file downloaded before the infection appeared).
9. Right-click it and select Delete.
10. Find these locations:
    %LOCALAPPDATA%\Drpbx
    %USERPROFILE%\Local Settings\Application Data\Drpbx
11. Locate files called Drpbx.exe, right-click them, and select Delete.
12. Find this specific directory: %APPDATA%\Frfx
13. Find an executable file titled firefox.exe, right-click it, and choose Delete.
14. Then go to: %APPDATA%
15. Find a folder called System32Work, right-click it, and choose Delete.
16. Exit File Explorer.
17. Press Win+R.
18. Insert Regedit and click Enter.
19. Find the given directory: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
20. Search for value names dropped by the threat, e.g., firefox.exe, right-click them, and select Delete.
21. Exit Registry Editor.
22. Empty Recycle Bin.
23. Restart the computer.