Rakhni ransomware is a notorious crypto-virus that can either mine cryptocurrency or encrypt target files

Rakhni ransomware — malicious program that can work like a Trojan horse[1] as well. This program has been known since 2013, but, at the moment, its developers returned with completely different features. Next, besides its ability to encrypt target data, the virus can also mine cryptocurrency. This malware can choose which feature to use on the target computer system, what makes it even more dangerous. However, Rakhni ransomware virus has mainly been targeting corporate users. If it decides to encrypt your files, it adds .excuses extension to the modified data and marks it in this way. Additionally, it drops MESSAGE.txt ransom note. The ransomware has already been spotted in Russia, Ukraine, and Germany, India.
| Name | Rakhni |
|---|---|
| Type | Ransomware |
| Family | Trojan-Ransom.Win32.Rakhni |
| File marker | 0x20000000 |
| File extension | .excuses |
| Ransom note | MESSAGE.txt |
| Contact email | excuses@protonmail.com |
| Distribution | Spam email attachments |
| Decryptor | RakhiniDecryptor |
| Elimination | The best tool for virus removal FortectIntego |
The main factor for this virus in choosing what to install and how should it act on the affected system is cryptocurrency. If this malware[2] finds any files related to Bitcoin, it starts running the encryption procedure to lock important victim's files and additionally force him or her to pay the ransom fee. Anything from MS Office files to PDFs can be encrypted without a chance to unlock it without a fee. These files can be marked with 0x20000000 marker or file extension .excuses.
Additionally, Rakhni ransomware leaves the ransom note in every folder which includes the encrypted data. Additionally, it drops the same note, typically called MESSAGE.txt, on computer's desktop. This file contains a ransom message that provides information about the encryption process and reveals more details about the virus itself. According to researchers, the message is believed to belong to Russians.
Ransom note reads (Translated from Russian):
You can buy the decrypt before 04/06/2018 Request cost: excuses@protonmail.com
In the subject of the letter, indicate your ID: [redacted numbers]
Letters without an ID are ignored.
Please do not try to decrypt files with third-party tools.
You can ruin them completely and even the original decryptor will not help.
Applications are processed by an automated system.
If there are no folders related to Bitcoin on the PC that is infected Rakhni ransomware releases a malware that works as a Bitcoin-miner trojan. The program believes that device is powerful enough to handle this activity of cryptocurrency mining. This Bitcoin mining can affect the performance of your computer and make it frustrating or barely usable.
You should think about Rakhni ransomware removal either way. This program is dangerous in every matter it works. It can significantly diminish the performance of your device.
This program displays an error message on the screen immediately after the infiltration. This note attracts users' attention while ransomware disables Windows Defender and installs additional pieces. Then, the virus determines which action to perform on the chosen device: encrypt files and demand a ransom or install a Bitcoin miner.
This malware can spread to another computer in the network. You need to remove Rakhni ransomware if you have it before it initiates additional dangerous activities on your or related computer. You should use anti-malware tools like FortectIntego for this.

Safe-looking email attachments spread malware
This virus comes vis spam email attachments that are often disguised as a document with important or useful info. Often Docx attachments in spam emails contain virus-filled documents.
Researchers[3] have information that in this case, it looks like a financial PDF and when people try to edit or open this file, the system allows to run an executable file which permits for the ransomware to work in a wanted way.
These emails often can look legitimate and sent from the reputable company, but that is just a disguise. You need to be aware that none of the spam emails are safe. Do not open or download any of them if you have a doubt.
Terminate Rakhni ransomware if you want to work on your computer safely again
To remove Rakhni ransomware, you need to use professional tools because leaving the data of the malicious actors can lead to various problems. You can rely on FortectIntego, SpyHunterCombo Cleaner or MalwarebytesMalwarebytes. But feel free to choose any program that you like.
The importance of this Rakhni ransomware removal is avoiding more harm to the system. This can affect your whole company. You should be aware of the possible threats and take security measures in time. You can train your staff on how to deal and react when it happens. Build a routine of regular check-ins.
Separating sensitive data and backing is very important. Reliable security equipment is the key to avoidance. You can be risking your whole business if not secured properly. Check for security vulnerabilities more often and use correct tools.
Was this guide helpful?
Be the first to comment