REBUS is a ransomware that was discovered by the security researcher, Michael Gillespie. It originates from Scarab family and gets to work as soon as it infiltrates the system. Its goals are pretty basic and to the point – take your data hostage by encrypting it and demand money for returning it to its normal state. The new extension that follows the pattern of “[32_random_digits_and_letters].REBUS” then gets appended to the files and they become unusable after that. For example, your “rays.jpg” image might get turned into something like “89A4m9D328112834GFB6F88A4CAE75E1.REBUS”. When all of your data is encrypted, the ransom note called “REBUS RECOVERY INFORMATION.TXT” is created and put into each of the folders on the PC. The following information can be found inside of it –
YOUR FILES ARE ENCRYPTED!
Your personal ID
Your documents, photos, databases, save games and other important data was encrypted.
Data recovery the necessary decryption tool. To get the decryption tool, should send an email to:
If you dont get reply in 24 hours use jabber:
Letter must include Your personal ID (see the beginning of this document).
In the proof we have decryption tool, you can send us 1 file for test decryption.
Next, you need to pay for the decryption tool.
In response letter You will receive the address of Bitcoin wallet which you need to perform the transfer of funds.
If you have no bitcoins
* Create Bitcoin purse: hxxps://blockchain.info
* Buy Bitcoin in the convenient way
hxxps://en.wikipedia.org/wiki/Bitcoin (the instruction for beginners)
– It doesn’t make sense to complain of us and to arrange a hysterics.
– Complaints having blocked e-mail, you deprive a possibility of the others, to decipher the computers.
Other people at whom computers are also ciphered you deprive of the ONLY hope to decipher. FOREVER.
– Just contact with us, we will stipulate conditions of interpretation of files and available payment,
in a friendly situation
– When money transfer is confirmed, You will receive the decrypter file for Your computer.
* Do not attempt to remove a program or run the anti-virus tools
* Attempts to decrypt the files will lead to loss of Your data
* Decoders other users is incompatible with Your data, as each user unique encryption key
It’s not currently known what type of encryption algorithm this threat employs and there’s also no decryption tool available for it. But, despite that it still isn’t necessary to pay money to people responsible for it. Instead of sponsoring them, invest it into a program like SpyHunter. The manual on how to use it is posted below the article, so follow it step by step and your efforts should eventually bring you the needed results. Once they do, recover your files from backup and make sure to prevent situations like this from unfolding again by adhering to certain guidelines going forward.
More specifically, limit your visits to shady sources and only go to them if you can’t find what you need anywhere else. Don’t install updates for your software if the prompt for that seems off. Refrain from clicking on links or advertisements hosted on file-sharing services and adult sites, don’t open the attachments that come with spam emails, and keep SpyHunter up-to-date and running all the time. If you do all that, it should be enough to give your computer the protection it needs.