About Rguy ransomware

Rguy ransomware is file-encrypting malware that comes from the Djvu/STOP ransomware family. It is considered to be one of the most dangerous malware infections you can get because it essentially takes files hostage. Once inside a computer, it encrypts files and then demands that users pay money in order to recover them. For users who have copies of their files in a backup, file recovery should not be an issue. However, if users do not have a backup, they may not be able to recover their files. The cybercriminals operating this ransomware will try to sell the decryptor to all victims. However, engaging with cybercriminals is often not recommended because it will not necessarily lead to a decryptor being sent to you. We will discuss the risks that come with paying the ransom in more detail later on in this report.


Rguy ransomware is essentially the same as all ransomware from the Djvu/STOP family. The cybercriminals operating this malware family have released hundreds of ransomware versions already, infecting thousands of users. The ransomware versions can be differentiated by the extensions they add to encrypted files. For example, this ransomware adds .rguy. As you have likely already noticed, you will not be able to open any of the files with this extension. And since this ransomware targets photos, videos, documents, images, etc., you will lose access to essentially all of your personal files. There is the option of buying the decryptor from the cybercriminals but, as we’ve said already, it comes with certain risks.

You can find information on how to acquire the decryptor in the _readme.txt ransom note that gets dropped in all folders containing encrypted files. The note is very generic and essentially the same as all other ransom notes dropped by ransomware in this malware family. According to the note, if you want to get the decryptor, you need to pay a ransom. Currently, the ransom is $980. However, according to the note, if users make contact with the cybercriminals within the first 72 hours, they will receive a 50% discount. Whether that is actually true or not is debatable, but paying comes with many risks. The most important thing to mention is that you are dealing with cybercriminals, and there are no guarantees that you’ll actually get the decryptor. The cybercriminals operating this ransomware are unlikely to feel any kind of obligation to help you. Countless users have not received their decryptors in the past. But it is your decision to make whether you wish to pay or not. It’s also worth mentioning that the reason why ransomware is so prevalent is that victims keep paying the ransom.

For users who have a backup, file recovery should not cause any issues. However, it is essential that users first remove Rguy ransomware from their computers. If the ransomware is still present when the backup is accessed, the backed-up files would become encrypted as well. If that were to happen, files may be lost permanently. We strongly recommend using anti-malware software to remove Rguy ransomware because that is not only the safest but also the easiest method. This will ensure that no further damage comes to your computer and the malware is fully removed.

Unfortunately, if you do not have a backup, your options are very limited. The only option is to wait for a free Rguy ransomware decryptor to become available. There currently is no free decryptor because this ransomware uses online keys to encrypt files. This means that the keys are unique to each victim. Without those keys, malware researchers will be unable to develop a working decryptor that would decrypt files for all victims. However, it is not impossible that the keys will be released eventually by the cybercriminals themselves. It has happened in the past. In the meantime, we strongly recommend backing up your encrypted files and checking NoMoreRansom for a free decryptor.
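The two indicators described above (the .rguy extension and the _readme.txt note dropped in each affected folder) are enough to inventory the damage and to confirm that a backup copy is untouched before restoring from it. The following Python sketch is an added example, not part of the original article or any vendor tool; the function names and the sample folder layout are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import namedtuple

ENCRYPTED_EXT = ".rguy"      # extension named in the article
RANSOM_NOTE = "_readme.txt"  # ransom note file name named in the article

FolderReport = namedtuple("FolderReport", "path encrypted intact has_note")

def inventory(root):
    """Walk root and report every folder holding .rguy files or a ransom note."""
    reports = []
    for dirpath, _dirs, files in os.walk(root):
        lower = [f.lower() for f in files]       # Windows names are case-insensitive
        notes = lower.count(RANSOM_NOTE)
        encrypted = sum(1 for f in lower if f.endswith(ENCRYPTED_EXT))
        intact = len(files) - encrypted - notes  # files not yet touched
        if encrypted or notes:
            reports.append(FolderReport(dirpath, encrypted, intact, notes > 0))
    return sorted(reports)

def is_clean(root):
    """True when no folder under root shows either indicator (e.g. a backup copy)."""
    return not inventory(root)

def build_sample_tree(base):
    """Constructed sample data: empty placeholder files only."""
    layout = {
        "Documents": ["report.docx.rguy", "notes.txt.rguy", "_readme.txt"],
        "Pictures": ["holiday.jpg.rguy", "new.png", "_readme.txt"],
        "Backup": ["report.docx", "holiday.jpg"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            open(os.path.join(base, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for r in inventory(tmp):
            print(f"{r.path}: {r.encrypted} encrypted, "
                  f"{r.intact} intact, note={r.has_note}")
        print("Backup clean:", is_clean(os.path.join(tmp, "Backup")))
```

A folder reported with a ransom note but some intact files suggests encryption was interrupted there; a backup location should report as clean before any restore is started.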

Ransomware distribution methods

Email attachments are one of the most common ways cybercriminals distribute malware. It’s quite a low-effort method for cybercriminals because all they need to do is purchase email addresses from various hacker forums, write a semi-convincing email and attach a malicious file to it. Once users open the file, their computers become infected. But as long as users do not interact with those emails, they are harmless. Fortunately for users, malicious emails are often quite easy to recognise. The emails are usually full of grammar/spelling mistakes. An email from a company whose services you use would not contain any grammar/spelling mistakes because they would look unprofessional. Another sign is a sender who should know your name using generic User, Member, Customer, etc., to address you. You have likely already noticed that emails from senders whose services you use always address you by your name. In some cases, the emails may be much more sophisticated, which is why it’s always recommended to scan all email attachments with an anti-malware program or a service like VirusTotal before opening them.

Malware is also distributed through torrents. This is no secret, and many torrent users are already aware of this. Torrent websites are notoriously badly regulated, which allows cybercriminals to easily upload malicious content disguised as torrents for popular movies, video games, TV series, software, etc. We strongly discourage users from using torrents to pirate because it’s not only stealing content, but it’s also dangerous for the computer and data.

Rguy ransomware removal

It is strongly recommended to use anti-malware software to remove Rguy ransomware from your computer. Do not attempt to do it manually because you could end up causing additional damage or fail to remove the ransomware fully. If you were to access your backup while the ransomware is still present on your computer, your backed-up files would become encrypted as well. This may mean that your files could be lost permanently. Therefore, use anti-malware software. Once the computer is free of ransomware, you can safely access your backup and start the file recovery process.
