.RCRYPTED File Extension
Ryuk Ransomware Encrypted File
What is an RCRYPTED file?
An RCRYPTED file is a file that has been renamed and encrypted by Ryuk ransomware, which is malware distributed by cybercriminals. It contains a file, such as a document or spreadsheet, that the ransomware is holding hostage. Files encrypted by Ryuk may also be renamed with the .RYK extension instead.
The existence of Ryuk ransomware was first reported in 2018. It is not like typical ransomware, which encrypts all of the user's files. Instead, it targets larger companies, such as health organizations, and encrypts essential files storing critical data. The larger companies also have more network entry points and money to pay the ransom.
How did Ryuk ransomware infect my computer?
Ryuk is typically distributed via phishing emails that come with Microsoft-related files, such as a .DOCX or .XLSX file, attached. The messages trick recipients into downloading attached files that store the ransomware. Then, when you open the file and unknowingly execute the ransomware, it infects the computer.
However, a self-propagating variant of Ryuk ransomware was discovered in early 2021. This variant can infect computers connected within a network, which means you may not have downloaded anything suspicious, but your computer may still be compromised.
How did Ryuk encrypt my files?
After Ryuk infects a computer, it encrypts critical files and appends the .rcrypted (or .ryk) extension to their filenames. For example, an example.xls file becomes example.xls.rcrypted or example.xls.ryk.
After encrypting files, the ransomware then attempts to delete or disable any backup files and system restore points it can find, to ensure users must pay the ransom to decrypt their files. At that point, the criminals behind Ryuk reach out to the infected user or organization, asking for a ransom paid in Bitcoin. (FileInfo recommends you never pay a ransom to decrypt your files.)
How to open an RCRYPTED file
Since RCRYPTED files are encrypted and cannot be decrypted, you cannot open them. Typically, the best option for restoring ransomware-encrypted files to their previous state is to perform a System Restore. However, Ryuk often disables this option, which prevents you from restoring your system to a previous state. At this time, there is no solution for removing the Ryuk ransomware and restoring files encrypted as RCRYPTED files.
FileInfo.com recommends you never pay a ransom to decrypt files encrypted by ransomware. Paying a ransom encourages ransomware distributors to continue their efforts, and there is no guarantee that paying a ransom will give you access to your files. Instead, you should restore your data from a recent backup created before the ransomware infected your computer.
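Because Ryuk appends its extension to the existing name (example.xls becomes example.xls.rcrypted or example.xls.ryk), the original filenames can be recovered from a directory listing and used to scope the restore from backup recommended above. The following Python is an added example, not FileInfo's or any vendor's tool; the function names and the sample listing are constructed for illustration, and it only reads paths without decrypting anything.

```python
from collections import Counter
from pathlib import PureWindowsPath

RYUK_SUFFIXES = {".rcrypted", ".ryk"}  # the two appended extensions named on this page

def original_path(path):
    """Strip an appended Ryuk extension; return None if the path does not carry one."""
    p = PureWindowsPath(path)
    if p.suffix.lower() in RYUK_SUFFIXES and p.stem:
        return str(p.with_name(p.stem))
    return None

def build_restore_plan(listing):
    """From a file listing, work out which originals must come back from backup."""
    present = {str(PureWindowsPath(p)).lower() for p in listing}
    plan, by_dir, by_type = [], Counter(), Counter()
    for path in listing:
        orig = original_path(path)
        if orig is None:
            continue  # not renamed by the pattern described on this page
        o = PureWindowsPath(orig)
        by_dir[str(o.parent)] += 1                      # which folders were hit
        by_type[o.suffix.lower() or "(none)"] += 1      # which file types were hit
        # If the listing also shows the un-renamed file, leave it off the restore list.
        if orig.lower() not in present:
            plan.append(orig)
    return {"restore": sorted(plan), "by_dir": dict(by_dir), "by_type": dict(by_type)}

# Constructed sample listing (hypothetical paths, not from a real incident).
SAMPLE = [
    r"C:\Finance\example.xls.rcrypted",
    r"C:\Finance\budget.xlsx.RYK",
    r"C:\Finance\budget.xlsx",
    r"C:\Finance\notes.txt",
    r"D:\Shares\HR\roster.docx.ryk",
]

if __name__ == "__main__":
    report = build_restore_plan(SAMPLE)
    print("Restore from backup:", *report["restore"], sep="\n  ")
    print("Affected folders:", report["by_dir"])
    print("Affected file types:", report["by_type"])
```

Feed it the output of a recursive directory listing taken from the affected machine or file share; the per-folder counts show how far the encryption reached.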