IT security researchers discovered a new variant of ransomware which called “RAPID RANSOMWARE”. It appends the .rapid extension to encrypted file names. This blog post will provide you a brief summary of information related to this ransomware virus and how to restore all encrypted photos, documents and music for free.
Once started, the Rapid ransomware will scan the PC for certain file types and encrypt them. It will encrypt almost of files, including:
.epk, .ntl, .ybk, .vpk, .0, .orf, .xf, .xxx, .flv, .wmv, .ysp, .wsd, .icxs, .xbplate, .p12, .fsh, .sidd, .y, .cas, .wsc, .pfx, .wps, .wdp, .7z, .wm, .lbf, .2bp, .wbmp, .1, .wp4, .wb2, .wpd, .zif, .x3f, .psk, .ppt, .mdb, .das, .wmo, .bkp, .odp, .xls, .wp7, .rtf, .wmf, .rofl, .dmp, .x3f, .wpa, .erf, .layout, .iwd, .gho, .hplg, .d3dbsp, .litemod, .wire, .xlk, .raf, .syncdb, .docm, .desc, .m4a, .w3x, .asset, .pptx, .css, .vtf, .csv, .wp6, .t13, .3fr, .wbk, .rb, .bik, .wdb, .txt, .xyp, .wsh, .itl, .wmv, .crw, .vpp_pc, .wma, .avi, .pkpass, .webp, .sie, .fos, .wbm, .pef, .xlgc, .jpe, .apk, .ibank, .qdf, .mlx, .pdd, .xbdoc, .wgz, .hvpl, .xdb, .db0, .xx, .webdoc, .zw, .pptm, .rw2, .wpe, .iwi, .rgss3a, .mdf, .3ds, .xml, .wri, .ztmp, .xll, .yal, .xar, .r3d, .ptx, .wbz, .wbc, .dwg, .qic, .odt, .mov, .ods, .mcmeta, .ws, .itm, .x3d, .dcr, .sb, .vcf, .wpb, .dng, .sidn, .m2, .3dm, .xmind, .kdc, .docx, .xy3, .mrwref, .rim, .wpl, .wpd, .sid, .dazip, .cer, .pdf, .wav, .bay, .xld, .xyw, .dxg, .xdl, .xwp, .mp4, .doc, .bc6, .blob, .sav, .tax, .accdb, .srw, .vdf, .sql, .fpk, .ff, .ltx, .wmd, .zdc, .cr2, .xlsx, .x, .m3u, .der, .zip, .snx, .mpqge, .zip, .1st, .pst, .esm, .t12, .vfs0, .sum, .zabw, .cfr, .upk, .xlsm, .xpm, .rar, .raw, .odc, .ai, .kdb, .wp5, .jpg, .wma, .zdb, .lrf, .js, .dba, .bc7, .indd
When the ransomware encrypts a file, it will append the .rapid extension to each encrypted file. Once the ransomware finished enciphering of all documents, photos and music, it will create a file named “DECRYPT.[5-random-chars].txt” with ransom instructions on how to decrypt all personal files. You can see an one of the variants of the ransomnote below:
– ALL YOUR FILES ARE ENCRYPTED BY RAPID RANSOMWARE –
Dont worry, you can return all your files!
All your files documents, photos, databases and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase a Rapid Decryptor.
This software will decrypt all your encrypted files and will delete Rapid from your PC.
To get this software you need write on our e-mail:
2. firstname.lastname@example.org (if first email unavailable)
What guarantees do we give to you?
You can send one of your encrypted file from your PC and we decrypt him for free.
But we can decrypt only 1 file for free. File must not contain valuable information
Dont try to use third-party decryptor tools because it will destroy your files.
If your photos, documents and music have been encrypted by the Rapid ransomware virus, We recommends: do not to pay the ransom. If this malicious software make money for its authors, then your payment will only increase attacks against you. Of course, decryption without the private key is not possible, but that does not mean that the Rapid virus must seriously disrupt your live.
|Name||RAPID RANSOMWARE, RAPID 2.0 RANSOMWARE, RAPID 3.0 RANSOMWARE|
|Danger level||High, encrypts files on the infected computer, requires ransom for decrypting files|
|Related files||DECRYPT.[5-random-chars].txt, How Recovery Files.txt|
|Rapid Decryptor||At the moment there is no way to decrypt the files, then you can try to restore .rapid files using free software|
|Contact email@example.com, firstname.lastname@example.org, email@example.com or firstname.lastname@example.org|
The free utilities listed below can scan for and remove Rapid ransomware and prevent any further damage. After that you can restore encrypted documents, photos and music from their Shadow Copies or using file recover tool.
- What is RAPID RANSOMWARE
- How to decrypt .rapid files
- How to remove Rapid ransomware virus
- How to restore .rapid files
- How to prevent your personal computer from becoming infected by Rapid ransomware?
- Finish words
How to decrypt .rapid files
Currently there is no available way to decrypt .rapid files, but you have a chance to restore encrypted documents, photos and music for free. The virus uses a strong key. What does it mean to decrypt the files is impossible without the private key (Rapid Decryptor). Use a “brute forcing” is also not a way because of the big length of the key. Therefore, unfortunately, the only payment to the makers of the Rapid virus entire amount requested – the only way to try to get the decryption key and decrypt all your files.
There is absolutely no guarantee that after pay a ransom to the creators of the Rapid ransomware, they will provide the necessary key to decrypt your files. In addition, you must understand that paying money to the cyber criminals, you are encouraging them to create a new virus.
How to remove Rapid ransomware virus
The Rapid ransomware can hide its components which are difficult for you to find out and delete completely. This may lead to the fact that after some time, the virus again infect your computer and encrypt your files. Moreover, I want to note that it is not always safe to remove virus manually, if you do not have much experience in setting up and configuring the Windows operating system. The best way to detect and get rid of Rapid virus is to run free malware removal applications which are listed below.
How to remove Rapid ransomware with Zemana Anti-malware
Zemana Anti-malware highly recommended, because it can find security threats such Rapid ransomware, ‘ad supported’ software and other malware that most ‘classic’ antivirus apps fail to pick up on. Moreover, if you have any Rapid removal problems which cannot be fixed by this tool automatically, then Zemana Anti-malware provides 24X7 online assistance from the highly experienced support staff.
Visit the page linked below to download Zemana Anti-Malware. Save it to your Desktop.
Author: Zemana Ltd
Category: Security tools
Update: February 14, 2019
When the download is finished, close all programs and windows on your computer. Double-click the install file named Zemana.AntiMalware.Setup. If the “User Account Control” dialog box pops up as shown in the following example, click the “Yes” button.
It will open the “Setup wizard” that will help you setup Zemana Free on your personal computer. Follow the prompts and do not make any changes to default settings.
Once install is finished successfully, Zemana AntiMalware will automatically start and you can see its main screen as shown below.
Now click the “Scan” button to search for Rapid ransomware related files, folders and registry keys. Depending on your system, the scan can take anywhere from a few minutes to close to an hour. While the Zemana Anti Malware application is scanning, you can see how many objects it has identified as threat.
When Zemana Free has completed scanning, Zemana Free will show a list of all threats detected by the scan. Review the results once the tool has finished the system scan. If you think an entry should not be quarantined, then uncheck it. Otherwise, simply click “Next” button. The Zemana Anti-Malware will begin to remove Rapid virus and other security threats. Once the clean-up is finished, you may be prompted to reboot the PC.
Use Malwarebytes to delete Rapid ransomware virus
We advise using the Malwarebytes Free. You can download and install Malwarebytes to search for and remove Rapid ransomware virus from your PC system. When installed and updated, the free malware remover will automatically scan and detect all threats present on the PC system.
MalwareBytes Anti-Malware can be downloaded from the following link. Save it on your Microsoft Windows desktop.
Category: Security tools
Update: February 5, 2019
Once downloading is complete, close all programs and windows on your computer. Open a directory in which you saved it. Double-click on the icon that’s called mb3-setup like below.
When the installation starts, you’ll see the “Setup wizard” that will help you install Malwarebytes on your computer.
Once installation is finished, you will see window as on the image below.
Now click the “Scan Now” button to find Rapid ransomware virus and other kinds of potential threats such as malicious software and potentially unwanted software. Depending on your computer, the scan can take anywhere from a few minutes to close to an hour. During the scan MalwareBytes AntiMalware will find threats exist on your computer.
After the scan is complete, MalwareBytes will display a list of detected threats. Next, you need to press “Quarantine Selected” button.
The Malwarebytes will now begin to remove Rapid ransomware and other malicious software and potentially unwanted software. When the clean-up is finished, you may be prompted to restart your personal computer.
The following video explains steps on how to remove hijacker, ‘ad supported’ software and other malicious software with MalwareBytes.
Run KVRT to remove Rapid virus from the computer
KVRT is a free removal tool which can scan your computer for a wide range of security threats like the Rapid virus, ‘ad supported’ software, potentially unwanted programs as well as other malicious software. It will perform a deep scan of your PC system including hard drives and MS Windows registry. After a malicious software is detected, it will help you to get rid of all found threats from your system with a simple click.
Download Kaspersky virus removal tool (KVRT) on your Windows Desktop by clicking on the following link.
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
Once the downloading process is finished, double-click on the Kaspersky virus removal tool icon. Once initialization procedure is finished, you’ll see the KVRT screen as displayed below.
Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next click Start scan button to perform a system scan for the Rapid virus . This process may take some time, so please be patient.
Once KVRT has finished scanning your personal computer, KVRT will display a list of all items found by the scan as shown in the following example.
Review the results once the tool has finished the system scan. If you think an entry should not be quarantined, then uncheck it. Otherwise, simply click on Continue to start a cleaning process.
How to restore .rapid files
In some cases, you can restore files encrypted by Rapid ransomware virus. Try both methods. Important to understand that we cannot guarantee that you will be able to recover all encrypted documents, photos and music.
Run ShadowExplorer to restore .rapid files
If automated backup (System Restore) is enabled, then you can use it to recover all encrypted files to previous versions.
Installing the ShadowExplorer is simple. First you will need to download ShadowExplorer by clicking on the link below.
Category: Security tools
Update: February 27, 2018
After downloading is finished, extract the saved file to a directory on your PC system. This will create the necessary files as shown in the following example.
Launch the ShadowExplorerPortable application. Now select the date (2) that you want to restore from and the drive (1) you want to recover files (folders) from as displayed on the screen below.
On right panel navigate to the file (folder) you wish to restore. Right-click to the file or folder and click the Export button as displayed on the screen below.
And finally, specify a directory (your Desktop) to save the shadow copy of encrypted file and click ‘OK’ button.
Run PhotoRec to recover .rapid files
Before a file is encrypted, the Rapid ransomware makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to recover your personal files using file recover software like PhotoRec.
Download PhotoRec by clicking on the following link. Save it on your Windows desktop or in any other place.
Category: Security tools
Update: March 1, 2018
Once downloading is done, open a directory in which you saved it. Right click to testdisk-7.0.win and choose Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as shown in the following example.
Double click on qphotorec_win to run PhotoRec for MS Windows. It will show a screen as shown on the image below.
Choose a drive to recover as displayed in the following example.
You will see a list of available partitions. Select a partition that holds encrypted files like below.
Click File Formats button and specify file types to recover. You can to enable or disable the recovery of certain file types. When this is done, click OK button.
Next, press Browse button to select where recovered documents, photos and music should be written, then click Search.
Count of restored files is updated in real time. All restored documents, photos and music are written in a folder that you have selected on the previous step. You can to access the files even if the restore process is not finished.
When the restore is complete, click on Quit button. Next, open the directory where recovered documents, photos and music are stored. You will see a contents as displayed on the screen below.
All recovered personal files are written in recup_dir.1, recup_dir.2 … sub-directories. If you’re looking for a specific file, then you can to sort your restored files by extension and/or date/time.
How to prevent your personal computer from becoming infected by Rapid virus?
Most antivirus apps already have built-in protection system against the virus. Therefore, if your computer does not have an antivirus application, make sure you install it. As an extra protection, run the CryptoPrevent.
Use CryptoPrevent to protect your PC system from Rapid virus
Download CryptoPrevent on your personal computer by clicking on the link below.
Run it and follow the setup wizard. Once the installation is finished, you’ll be displayed a window where you can choose a level of protection, as displayed in the following example.
Now click the Apply button to activate the protection.
Now your PC should be clean of the Rapid ransomware virus. Uninstall MalwareBytes Free and KVRT. We recommend that you keep Zemana Free (to periodically scan your computer for new malicious software). Make sure that you have all the Critical Updates recommended for Microsoft Windows operating system. Without regular updates you WILL NOT be protected when new virus, harmful applications and adware are released.
If you are still having problems while trying to remove Rapid ransomware virus from your PC, then ask for help here.