DBGer Ransomware
The DBGer Ransomware is a variant of the Satan Ransomware, a Trojan that locks your files with the AES encryption and creates text messages demanding money for decrypting them. Recent changes with this threat also imply that the campaign is targeting Asia-based business networks, rather than home users in other regions. Have appropriate network security settings for reducing the Trojan's access to other machines and let your anti-malware programs remove the DBGer Ransomware whenever they detect it.
A Devilish Trojan Shifts Its Strategy to the World of Business
While many file-locking Trojans target individual PCs at random, the trends of 2018 emphasize maximizing the potential for lucrative ransoms on a per infection basis. For threat actors, this principle means ignoring recreational or home use computers and, instead, compromising business, NGO and government networks. The new 'patch' for the Satan Ransomware, identifying itself as with the brand of the DBGer Ransomware, is displaying the shift in philosophy with its extra features.
The DBGer Ransomware's Ransomware-as-a-Service (or RaaS) family uses the AES encryption for locking different formats of media on a compromised Windows machine, including Word DOCs, MP3 audio, JPG pictures, ZIP archives and dozens of others. The DBGer Ransomware is notable for prepending an e-mail address for ransoming negotiations before the rest of the filename, as well as including the traditional appending of an extension (such as: '[dbger@protonmail.com]picture.gif.dbger'). There is no free decryption tool available, at this article's authorship date, and the victims without backups will have to choose between paying a potentially worthless ransom or losing their files.
However, the features that malware experts find interesting particularly are unrelated to the Trojan's encryption or ransoming functions. The DBGer Ransomware includes a new, built-in exploit-abusing feature associated with EternalBlue attacks against Server Message Block (SMB) protocols. The DBGer Ransomware also incorporates the password-collector application of Mimikatz, similarly to the BadRabbit Ransomware. Both changes could help the DBGer Ransomware travel through a network laterally and infect other PCs, locking their files and maximizing the data damage.
While its latest features are suggestive of enhancing network infectiousness, the DBGer Ransomware also could use its password-collecting features for transferring other confidential information to its threat actors for later abuse. The difficulty of decrypting the Satan Ransomware family's locked media also makes the DBGer Ransomware an immediate, and potentially, irreversible, danger to files that aren't backed up to secure storage, such as cloud servers or detachable hard drives. The DBGer Ransomware's ransom, which malware experts recommend against paying, is one Bitcoin, which values at over six thousand USD currently.
The DBGer Ransomware's campaign is delivering ransom messages targeting Asians, particularly, Korean and Chinese speakers. Malware researchers recommend monitoring e-mail attachments and links as particularly likely infection vectors for file-locking Trojans matching this threat's capabilities. While most brands of anti-malware protection should delete the DBGer Ransomware automatically, threat actors using brute-force attacks for installing it may disable or bypass that software.
The cyber-security industry is fortunate to have past examples of modular, network-infecting features for file-locking Trojans very similar to the DBGer Ransomware. The cost of not paying attention to your network's security standards is, more likely than not, measurable in Bitcoins, thanks to the trends with ever-more-prominent Trojans like this one.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.