Tag Archives: RZA4096 removal tool

Files Are Encrypted by RZA4096 – How to Remove RZA4096?

What Is RZA4096?

RZA4096 is a new variant of the infamous file encrypting virus – RSA4096. Same as other ransomware, It is also disseminated via spam email attachments and Trojan.  Most of users got attacked by RZA4096 virus when opening attached files downloaded from spam emails, which pretend to be payment notification, invoice, or other important material associated with online shopping. At the moment RZA4096 is activated on your computer, a disaster has come to you. It execute commands to encrypt all your personal files with .crypt or other extensions and then you cannot open any of them at all. There will be a file such as !Recovery_.htm or !Recover_.txt generated on each folder of you files to tell you what has  happened to your files and how can you recover the files. Here are the messages from RZA4096 ransomware:

@@@@@@@ NOT YOUR LANGUAGE? USE https://translate.google.com
@@@@@@@ What happened to your files ?
@@@@@@@ All of your files were protected by a strong encryption with RZA4096
@@@@@@@ More information about the en-Xryption keys using RZA4096 can be found here: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
@@@@@@@ How did this happen ?
@@@@@@@ !!! Specially for your PC was generated personal RZA4096 Key , both publik and private.
@@@@@@@ !!! ALL YOUR FILES were en-Xrypted with the publik key, which has been transferred to your computer via the Internet.
@@@@@@@ !!! Decrypting of your files is only possible with the help of the privatt key and de-crypt program , which is on our Secret Server
@@@@@@@ What do I do ?
@@@@@@@ So , there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way
@@@@@@@ If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment
Your personal ID: XXXXXXXXXX
For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
If for some reasons the addresses are not available, follow these steps:
1 – Download and install tor-browser: https://www.torproject.org/projects/torbrowser.html.en
2 – After a successful installation, run the browser
3 – Type in the address bar – https://6oxs5abbmzqvaa2a.onion
4 – Follow the instructions on the site

Be sure to copy your personal ID and the instruction link to your notepad not to lose them. 

Continue reading

Posted in Ransomware. Tagged with , , .