RDPTEST Virus (.RDPTEST Files) Removal

The Rdptest virus falls within the Phobos ransomware family. Malware of such sort encrypts all user’s data on the computer (images, documents, excel tables, music, videos, etc) and adds its specific extension to every file, leaving the info.txt files in every folder with the encrypted files.

What is Rdptest virus?

☝️ Rdptest is a Phobos family ransomware infection.

The pattern of renaming is the following: id[xxxxx].[contact-email].rdptest. In the course of encryption, a file entitled, for instance, “report.docx” will be altered to “report.docx.id[1E857D00-3449].[[email protected]].rdptest”.

In each folder with the encoded files, a info.txt text file will be created. It is a ransom money note. Therein you can find information on the ways of contacting the racketeers and some other information. The ransom note usually contains instructions on how to buy the decryption tool from the racketeers. You can get this decryptor after contacting [email protected] through email. That is how they do it.

Rdptest Summary:

The info.txt file accompanying the Rdptest ransomware states the following:

!!!All of your files are encrypted!!!
To decrypt them send e-mail to this address: [email protected].
If we don\'t answer in 24h., send e-mail to this address: [email protected]

In the screenshot below, you can see what a folder with files encrypted by the Rdptest looks like. Each filename has the “.rdptest” extension appended to it.

How did my machine catch Rdptest ransomware?

There are plenty of possible ways of ransomware infiltration.

Nowadays, there are three most popular ways for evil-doers to have ransomware working in your digital environment. These are email spam, Trojan introduction and peer networks.

• If you access your mailbox and see emails that look like familiar notifications from utility services providers, delivery agencies like FedEx, web-access providers, and whatnot, but whose sender is strange to you, be wary of opening those emails. They are most likely to have a viral item attached to them. Therefore, it is even more dangerous to open any attachments that come with letters like these.
• Another thing the hackers might try is a Trojan virus scheme. A Trojan is a program that infiltrates into your machine disguised as something different. For example, you download an installer of some program you need or an update for some service. But what is unpacked reveals itself a harmful agent that encrypts your data. Since the installation package can have any title and any icon, you have to make sure that you can trust the resource of the things you’re downloading. The optimal way is to use the software developers’ official websites.
• As for the peer-to-peer file transfer protocols like BitTorrent or eMule, the danger is that they are even more trust-based than the rest of the Internet. You can never know what you download until you get it. So you’d better be using trustworthy resources. Also, it is a good idea to scan the directory containing the downloaded items with the antivirus as soon as the downloading is finished.

How do I get rid of ransomware?

It is crucial to note that besides encrypting your files, the Rdptest virus will probably install Vidar Stealer on your computer to seize your credentials to different accounts (including cryptocurrency wallets). That program can extract your logins and passwords from your browser’s auto-filling data.

How сan I avoid ransomware attack?

Rdptest ransomware doesn’t have a endless power, neither does any similar malware.

You can protect yourself from its infiltration in several easy steps:

• Ignore any emails from unknown senders with unknown addresses, or with content that has likely no connection to something you are expecting (can you win in a money prize draw without participating in it?). In case the email subject is likely something you are expecting, check all elements of the questionable email carefully. A fake letter will always have mistakes.
• Never use cracked or unknown programs. Trojans are often distributed as an element of cracked products, most likely as a “patch” to prevent the license check. But untrusted programs are very hard to distinguish from reliable ones, as trojans may also have the functionality you need. You can try to find information on this program on the anti-malware forums, but the best solution is not to use such software.

FAQ

🤔 Can I somehow access “.rdptest” files?

There’s no way to do it, unless the files “.rdptest” files are decrypted.

🤔 The encrypted files are very important to me. How can I decrypt them quickly?

Hopefully, you have made a copy of those important files. If not, there is still a function of System Restore but it needs a Restore Point to be previously saved. The rest of the methods require patience.

🤔 What should I do if the Rdptest ransomware has blocked my PC and I can’t get the activation key.

🤔 What can I do right now?

Some of the blocked data can be found elsewhere.

• If you sent or received your important files through email, you could still download them from your online mailbox.
• You might have shared photographs or videos with your friends or family members. Simply ask them to send those pictures back to you.
• If you have initially downloaded any of your files from the Internet, you can try doing it again.
• Your messengers, social networks pages, and cloud drives might have all those files as well.
• Maybe you still have the needed files on your old PC, a portable device, phone, external storage, etc.

USEFUL TIP: You can employ data recovery programs² to get your lost data back since ransomware encrypts the copies of your files, deleting the original ones. In the tutorial below, you can see how to use PhotoRec for such a recovery, but be advised: you can do it only after you kill the ransomware itself with an antivirus program.

1. My files are encrypted by ransomware, what should I do now?
2. Here are Best Data Recovery Software Of 2023.