
Devil Ransomware

Posted: January 6, 2020

The Devil Ransomware is a file-locking Trojan that's a part of the Dharma Ransomware or the Crysis Ransomware family. Threat actors 'hire' variants of the family for distribution at their pleasure and use them for locking files and extorting ransoms. Appropriate backup protocols will keep the Trojan from making your data permanently inaccessible, and most anti-malware tools should flag and delete the Devil Ransomware.

Better the Devil You Know – or Not

As the year turns over, malware researchers are seeing unsurprisingly steady evidence of new attacks involving the Ransomware-as-a-Service sector. Some families are more active than others, though, and the Devil Ransomware makes one of the first confirmations of the Dharma Ransomware for 2020. Without much new in its payload besides a change of theme and addresses, the Trojan represents the consistency of RaaS for making money, or, at least, convincing the hiring criminals that such a possibility isn't a statistical unicorn.

The Devil Ransomware's symptoms and major characteristics are virtually identical to those of its closest relatives: namely, recent Dharma Ransomware spinoffs like the IMI Ransomware, the Bitx Ransomware, the ROGER Ransomware or the Kharma Ransomware. It targets Windows environments with a straightforward, AES-based encryption feature that 'locks' files in well-known formats, such as documents. Cosmetically, the attack routine also applies a brand-new extension, which includes an e-mail address, along with the Devil Ransomware's name.

However, it's the ransom notes that are the Devil Ransomware's final function and the one that commercializes its campaign. Both HTA (advanced HTML) and TXT (Notepad text) instructions give victims some necessary details on negotiating and buying a decryptor from the criminal. Since the free decryptor options for the Devil Ransomware's family are not promising, victims should maintain backups appropriately as the best alternative for media recovery.

Resisting Devilish Data Temptations

Paying ransoms to even the most well-known Ransomware-as-a-Service families comes with statistically significant risks about getting that 'service.' Criminals can withhold decryption assistance, provide inadequate help that corrupts the files, or distribute Trojans with glitches that make recovery impossible. Historically, all of these issues are dangers with various file-locker Trojans and provide more incentive for not paying, if possible.

Besides the absolute importance and value behind a well-saved backup, malware researchers also advise users to remain vigilant against all of the current infection vectors. E-mail attachments can run corrupted macros or abuse vulnerabilities, which are most problematic with outdated versions of document and spreadsheet reader apps. Illicit downloading of torrents or using insecure passwords for your admin accounts can also invite infections.

Despite all of these hazards, detecting this threat should be a non-issue. All major anti-malware products can deal with the Dharma Ransomware family adequately and should block or uninstall the Devil Ransomware.

The Devil Ransomware sends your files to hell for little more than money, but material interests are much in line with its devilish theme. Just like an actual devil, the Devil Ransomware may knock at one's door, but it takes a wrongdoer's inviting it inside for much to come of it.
