Remove Rigj ransomware

Rigj ransomware is malware that encrypts files. This ransomware comes from the Djvu/STOP malware family. It is operated by a notorious cyber gang that releases malware every few days. The ransomware targets personal files, and once files are encrypted, you will not be able to open them unless you first run them through a decryptor. Unfortunately, the only people with a decryptor are the ones behind this ransomware. And considering that they are cybercriminals, they will not just give it to you for free. They will try to sell you the decryptor for $980.



Rigj ransomware is more or less identical to Robm, Iisa, Pqgs, and Utjg. Like most ransomware, they all target the files users are usually most willing to pay for. All of your personal files, including photos, videos, images, documents, etc., will be encrypted. All ransomware from the Djvu/STOP family adds different extensions to encrypted files, which is how you can differentiate them. In this case, .rigj will be added to files. As an example, an encrypted image.jpg file would become image.jpg.rigj. None of the files with this extension will be openable unless you use a decryptor on them first. However, obtaining the decryptor is not so easy.

File encryption will begin as soon as the malicious file is launched. While it’s encrypting files, the ransomware will show a fake Windows update window. Once all personal files are encrypted, a _readme.txt ransom note will be dropped in all folders that contain encrypted files. The note is the usual one dropped by ransomware from this family. It explains how you can obtain the decryptor. Unfortunately, you will be asked to pay a ransom. The regular price for the decryptor is $980, but if you were to believe the note, people who make contact with the ransomware operators within the first 72 hours would receive a 50% discount.

Whether that is actually the case or not, paying the ransom is not a good idea. One of the primary reasons why paying the ransom is risky is that a decryptor is not guaranteed. Keep in mind that the people operating this ransomware are cybercriminals. It’s not likely that they will feel any kind of obligation to help you even after you pay. Many users in the past paid the ransom but received nothing in return. And one of the main reasons why ransomware is still so big is that victims keep paying the ransom. As long as it’s profitable for these cybercriminals, they will continue with their criminal activities.

For users with backup, recovering files should not be an issue. However, it’s essential that users first remove Rigj ransomware from the computer. If any traces of it remain and it’s able to recover, it could encrypt the files in the backup as well. This is why it’s strongly recommended to use anti-malware software to delete Rigj ransomware. If you try to get rid of it manually, not only could you miss something, but you may also end up doing more damage.

For users who have no backup, the only option may be to wait for a free decryptor to become available. There currently is a free Djvu/STOP decryptor by Emsisoft but, unfortunately, it will not work on Djvu/STOP versions released after 2019. That includes Rigj ransomware. This is mostly because Djvu/STOP ransomware versions use online keys to encrypt files. This makes developing a free decryptor very difficult because each victim has a unique key, and those keys are necessary for the decryptor. However, it’s not impossible that the key will be released eventually, either by law enforcement or the cybercriminals themselves if they ever decide to close up shop. So back up encrypted files, and wait for a free decryptor. NoMoreRansom is a good source for decryptors. We should also warn you that there are a lot of fake decryptors that carry malware so you need to be very careful.
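Before restoring anything, it helps to know which encrypted files have a clean copy in the backup and which exist only in encrypted form and should be kept in case a decryptor appears. The following script is an added example, not part of the original article: it walks a folder read-only, relies on the `.rigj` extension and `_readme.txt` note name described above, and should be run only after the ransomware has been removed. The function names and the sample folder layout are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".rigj"       # extension the article says is appended
RANSOM_NOTE = "_readme.txt"   # ransom note name given in the article


def triage(affected_root, backup_root=None):
    """Walk affected_root read-only and sort encrypted files by backup status."""
    affected_root = Path(affected_root)
    report = {"restorable": [], "no_backup": [], "note_dirs": []}
    for dirpath, _dirs, files in os.walk(affected_root):
        rel_dir = Path(dirpath).relative_to(affected_root)
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                report["note_dirs"].append(rel_dir.as_posix())
            elif lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                # image.jpg.rigj -> image.jpg: the name the file had before encryption
                original = rel_dir / name[: -len(ENCRYPTED_EXT)]
                in_backup = (backup_root is not None
                             and (Path(backup_root) / original).is_file())
                key = "restorable" if in_backup else "no_backup"
                report[key].append(original.as_posix())
    for items in report.values():
        items.sort()
    return report


def build_demo_tree(base):
    """Constructed sample data: an 'affected' tree and a partial 'backup' tree."""
    base = Path(base)
    affected, backup = base / "affected", base / "backup"
    for rel in ("Pictures/image.jpg.rigj", "Pictures/_readme.txt",
                "Docs/report.docx.rigj", "Docs/_readme.txt", "Docs/notes.txt"):
        p = affected / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed sample")
    (backup / "Pictures").mkdir(parents=True)
    (backup / "Pictures" / "image.jpg").write_bytes(b"clean copy")
    return affected, backup


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        affected, backup = build_demo_tree(tmp)
        for section, paths in triage(affected, backup).items():
            print(section, paths)
```

Files listed under `no_backup` are the ones to copy somewhere safe in their encrypted form while waiting for a free decryptor.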

How did ransomware infect your computer?

Malicious emails, or malspam, are one of the most common ways users infect their computers with ransomware. For cybercriminals, it’s a very low-effort, cheap method to widely spread their malware. They purchase thousands of leaked email addresses from hacker forums, write a low-effort email, attach a malicious file, and send it to potential victims. Because the emails are very generic, they are usually quite noticeable. This is fortunate for users because as long as they know what to look for, they will be able to identify the malicious emails. One of the most obvious signs is grammar/spelling mistakes in emails whose senders claim to be from companies whose services you use. For obvious reasons, legitimate emails will rarely contain mistakes. So when you notice that an email that should be official has a lot of mistakes, be suspicious. Another thing to take note of is how senders address you. If you are sent an email by a company of which you are a customer, you will always be addressed by name. However, malicious emails use generic words like “User”, “Member”, “Customer” because they do not know your name. If you notice these signs or if anything about an email does not seem right, do not rush to open any attachments. And we strongly suggest always scanning unsolicited email attachments with anti-virus software or VirusTotal before opening them.

If you use torrents to download copyrighted content, you risk picking up a malware infection. It’s not a secret that torrent sites are usually quite badly moderated, which malicious actors take full advantage of. They can easily upload malicious content disguised as some movie, TV series, video game, software, etc. You likely already know this, but not only is pirating copyrighted content essentially stealing, it’s also dangerous for the computer.

Rigj ransomware removal

We never recommend users try to remove ransomware manually because they could either not complete the process or cause more damage unless they know exactly what to do. Therefore, use anti-virus software to delete Rigj ransomware from the computer. Once the ransomware is fully gone, you can connect to your backup and start file recovery.
