Rodentia Ransomware Removal Guide

Rodentia Ransomware, according to our research team, is a modified version of Jigsaw Ransomware. What does that mean? That does not necessarily mean that the new threat is as powerful as its predecessor or that it was created and is controlled by the same people. However, it is an infection, and whether or not it encrypts files and causes other issues, learning about it is important. Without a doubt, if it manages to invade operating systems, its removal is an important topic too. The unfortunate thing is that infections from the Jigsaw Ransomware family are not decryptable. Also, they are sometimes capable of removing the encrypted files too. Without a doubt, this could create obstacles for those who need to delete Rodentia Ransomware from their Windows operating systems. Are you one of these people? Hopefully, your files are not encrypted, and if they are, you have backups that can act as replacements.

Our research team obtained a sample of Rodentia Ransomware, and it did not work properly. We still do not know how this malicious threat spreads, but, most likely, it is distributed using spam email attachments or remote access vulnerabilities. That is how most file-encryptors spread, and, unfortunately, the victims can blame no one but themselves for a successful invasion. If you are cautious about the emails you interact with, if you do not download random files from unreliable sources, if you do not click on suspicious links, and if you take care of your system’s security, it should not be hard to secure your operating system. After invasion, Rodentia Ransomware creates %APPDATA%\Frfx\firefox.exe and %LOCALAPPDATA%\Drpbx\Drpbx.exe (%USERPROFILE%\Local Settings\Application Data\Drpbx\Drpbx.exe) files that are copies of the original file. So, even if you remove Rodentia Ransomware launcher right away, the infection is likely to remain intact on your system without your knowledge. The “firefox.exe” file has a point of execution created in the Windows registry (HKCU\Software\Microsoft\Windows\CurrentVersion\Run) too, and the infection also creates the %APPDATA%\System32Work folder containing files named “EncryptedFileList.txt” and “Address.txt.”

If Rodentia Ransomware worked as planned, it should encrypt files and add the “.fucked” extension to help you identify them faster. After that, it should launch a window with an intimidating message. At the bottom of this message, you have a request stating that you must “send at least $20 worth of Bitcoin” to a wallet whose address is 3K4XqrepBogMkrFJizfKt4gs8byGhQKXn5. At the time of research, 15 transactions had been received, and the total was 0.0145 Bitcoin, which was around $140. Of course, we do not know if this address is not linked to a different infection or a different scam, or if the attackers are not using it in other ways. The ransom note represented by Rodentia Ransomware also claims that if victims wait to pay the ransom or if they turn off the computer, their personal files would be deleted. While that is unlikely to be the case, we cannot make any guarantees here. Maybe the infection does delete files, and maybe it does not. Either way, taking risks is not a good idea, and it is wise to remove the ransomware as soon as possible.

If you delete all components listed in the Rodentia Ransomware removal guide below, you should be able to get rid of the infection. Of course, in the end, you want to inspect your system using a legitimate malware scanner because you do not want to leave any missed components behind. For example, if the launcher of the infection does not delete itself like it should, the scanner will detect it and warn you about it. If you are looking for a different option, we suggest installing an anti-malware program that would automatically remove Rodentia Ransomware from your operating system. This is a great tool because it can efficiently clean your entire operating system and, at once, reinstate full-time protection to guarantee that you do not need to fear new threats. When it comes to files, if they were encrypted, you are unlikely to recover them (even by paying the ransom!), and that is why you must take care of backups. As long as backup copies are stored outside the system with original files, you will never lose another file again.

How to delete Rodentia Ransomware

1. Simultaneously tap Win+E keys to access Explorer.
2. Enter %LOCALAPPDATA% into the box at the top (depending on your Windows version, you might need to enter %USERPROFILE%\Local Settings\Application Data\).
3. Delete the folder named Drpbx with the malicious Drpbx.exe file inside.
4. Enter %APPDATA% into the field at the top.
5. Delete the folder named Frfx with the malicious firefox.exe file inside.
6. Enter %APPDATA% into the field at the top.
7. Delete the folder named System32Work with the files named EncryptedFileList.txt and Address.txt inside.
8. Simultaneously tap Win+R keys to access Run.
9. Enter regedit into the Open box to launch Registry Editor.
10. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
11. Delete the value whose value data points to the %APPDATA%\Frfx\firefox.exe file.
12. Empty Recycle Bin and then quickly perform a full system scan using a reliable malware scanner.