DDT Ransomware

Posted: June 7, 2019

The DDT Ransomware is a variation of the Globe Imposter 2.0 Ransomware, the latest version of the Globe Imposter Ransomware file-locking Trojan. It superficially imitates some of the symptoms of a competitor, the Globe Ransomware, while blocking your files and holding them hostage for a ransom. Let your anti-malware programs protect your PC by deleting the DDT Ransomware at the earliest opportunity and have backups for undoing any file loss.

A Program that's Poisoning Your Files Not-So-Slowly

Samples of a new version of the Ransomware-as-a-Service family that apes its betters are using the arguably-appropriate brand of 'DDT,' referencing the infamous, and often banned, insecticide. The DDT Ransomware is an unsurprising new member of the Globe Imposter Ransomware's 2.0 iteration, which remains active in 2019, albeit not to the same levels as, for example, the Dharma Ransomware. Malware experts have yet to isolate the geolocation details of any victims, but the DDT Ransomware seems to be pretending that it's a Windows component.

The DDT Ransomware's executable hides with the misleading name of 'CMD,' which refers to the Command Prompt that's an integral part of Windows operating systems. Since it's rare for users to be asked to download this program manually, the threat actor is likely introducing it through other methods instead of tricking victims into accepting a fake Windows update. Some infection vectors that it might use include e-mail spam with accompanying drive-by-downloads through documents, or a brute-force attack that compromises the login of a vulnerable server.
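Because the genuine Command Prompt runs only from Windows system directories, the 'CMD' disguise described above can be checked by comparing a process's image name against its location. The following is an added example, not code from this article or from any vendor: it assumes Windows is installed under `C:\Windows`, that the disguised file is named `CMD` or `CMD.exe`, and that process-creation records expose the full path in a field called `Image` (a hypothetical record layout modelled on common process-creation logs); the sample records are constructed.

```python
import ntpath

# Assumption: Windows is installed under C:\Windows; adjust for other system roots.
SYSTEM_ROOT = r"C:\Windows"
# Directories the genuine Command Prompt binary normally runs from.
TRUSTED_DIRS = {
    ntpath.normcase(ntpath.join(SYSTEM_ROOT, "System32")),
    ntpath.normcase(ntpath.join(SYSTEM_ROOT, "SysWOW64")),
}
# Assumption: file names that claim to be the Command Prompt.
WATCHED_NAMES = {"cmd", "cmd.exe"}


def is_masquerading(image_path: str) -> bool:
    """True when an image is named like CMD but sits outside the trusted dirs."""
    # Strip quotes, then collapse "..", mixed slashes and case before comparing.
    path = ntpath.normcase(ntpath.normpath(image_path.strip().strip('"')))
    directory, name = ntpath.split(path)
    if name not in WATCHED_NAMES:
        return False
    return directory not in TRUSTED_DIRS


def find_suspects(events):
    """Return the events whose 'Image' field fails the location check."""
    return [e for e in events if is_masquerading(e.get("Image", ""))]


# Constructed sample process-creation records (not from a real incident).
SAMPLE_EVENTS = [
    {"ProcessId": 4312, "Image": r"C:\Windows\System32\cmd.exe"},
    {"ProcessId": 5120, "Image": r"C:\WINDOWS\SysWOW64\CMD.EXE"},
    {"ProcessId": 6644, "Image": r"C:\Users\alice\AppData\Local\Temp\CMD.exe"},
    {"ProcessId": 7008, "Image": r"C:\Windows\System32\..\Temp\cmd.exe"},
    {"ProcessId": 7420, "Image": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for event in find_suspects(SAMPLE_EVENTS):
        print(f"suspicious CMD image: pid={event['ProcessId']} path={event['Image']}")
```

A hit from this check is a lead for further inspection, such as a signature or hash check of the file, rather than proof of infection.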

When it does get onto the PC, the DDT Ransomware launches an encryption routine consisting of secure AES, much like the ANAMI Ransomware, the BKC Ransomware, the .DOCM Ransomware or the Healforyou Ransomware. As always, it translates the data of files like documents, pictures, spreadsheets, or slideshows into temporarily-illegible content that only the threat actors can unlock with their corresponding key. While old versions of the Globe Imposter Ransomware family have a free decryptor, malware experts, sadly, note that the 2.0 releases, like the DDT Ransomware, remain secure against free decryption.

Getting Around to Banning Toxic Trojans

A backup is an always-relevant solution for undoing the damage of all file-locking Trojans with as little trouble as possible. However, since local backups tend to be deleted or encrypted, users should save them to other devices. A ransom payment for a decryptor has other risks – such as not getting anything after giving the money to the extortionist.

Windows users should protect themselves by avoiding opening downloads before scanning them for threats, disabling high-risk features like JavaScript, and staying away from illicit download resources. Anyone needing a replacement of the CMD program for Windows should acquire it from a Microsoft-authorized source directly and avoid pop-ups or download links from third-party websites. Anti-malware programs are detecting and removing the DDT Ransomware with high accuracy and should have no issues with disinfecting computers.

The DDT Ransomware is only as toxic to your digital media as you give it the license to be by taking poor care of your work. A backup now and then is more than just paranoia; it's preventative medicine for countering the ills of Ransomware-as-a-Service's profitability.
