
Has anyone found a decryptor for ransomware *.rapid?

I need a decryptor for ransomware *.rapid.  This ransomware has manifested itself on administrative files for a school.  I don't know if anyone has been able to find a solution for this at this time.
1 Solution
Dr. Klahn, Principal Software Engineer, commented:
According to the No More Ransom project, none is available at this time.


Over the last few months a new wrinkle has come along in ransomware.  The criminals now take your money and don't deliver the key.  In the past there was about a 1 in 3 chance of getting a key; at present it looks like that's going to become a zero percent chance.  

What you can do:

If the data on the system is irreplaceable and has long-term value, make a full image of the drive to a removable USB device, label it "INFECTED DO NOT USE", put it in a bag, seal the bag, and label the bag "RANSOMWARE INFECTED DO NOT USE."  This won't prevent a random idiot from using the drive and infecting other systems, but at least they won't have any excuse for it.

Then erase the drive with a product such as Darik's Boot and Nuke, and restore from the most recent full backup that is known to be uninfected.  If there is no backup, reload Windows from scratch.  Once a system is infected with an aggressive virus like this one, the drive cannot be trusted without complete erasure.

The ransomware uses a 2048-bit key and encryption keys are now generated per-system to avoid one-key-unlocks-all, so it's unlikely that it will ever be decrypted unless there's an error in the code.

There's a discussion of the topic at the link below:

John, Business Consultant (Owner), commented:
You need to now take preventative actions:

1. Keep regular and complete backups.
2. Implement a top-notch spam filter (this stuff normally comes by email).
3. Train people not to open emails from strangers.
4. Train people not to browse to dodgy web sites.

As stated above, there is little to no hope of recovering your data, so you must start again.

btan, Exec Consultant, commented:
This was also asked in another EE question. In short, there is no decryptor, and please do not pay the ransom as instructed; otherwise you are supporting what the attacker is doing.

Rely only on your latest backup, and quickly isolate that infected machine and rebuild it. If I were you, it would be better to find out how the infection penetrated the machine. The threats may still be lurking around, e.g. infected email attachment, temp folder with remaining payload files, infected USB drive, infected file shares, etc. To err on the safe side, consider changing the victim's password if there is observed suspicious activity on the online webmail or social accounts. The preventive measures shared by the experts are important moving forward; otherwise recurrence is expected.

Naveen Sharma commented:
How to remove Rapid Ransomware and decrypt .rapid or .paymeme files:

What can you do if you’ve become the victim of a ransomware attack: