
Dme Ransomware

Posted: October 9, 2020

The Dme Ransomware is a file-locking Trojan that's part of the Dharma Ransomware, a Ransomware-as-a-Service. The Dme Ransomware can block media files on infected computers with a typically-permanent encryption routine, along with erasing local backups. Users with non-local backups may recover readily, and the right anti-malware solution can protect PCs by removing the Dme Ransomware safely.

The Extortion that Advertises by Name

File-locking Trojans may struggle with naming themes and conventions, or even resort to random gibberish as a low-effort marketing solution. This is even more true for Ransomware-as-a-Services as prolific as the Dharma Ransomware, one of the largest families of its kind. With offshoots ranging from the Bmd Ransomware and the Cl Ransomware to the GTF Ransomware, the Rxx Ransomware and the Kr Ransomware, these Trojans' admins show little interest in marketing. The Dme Ransomware, a recent sample, is only barely different in that respect.

The Dme Ransomware is a Windows application with an installer under a megabyte, like most variants of the RaaS. Its core feature, AES-derived encryption, blocks files such as documents, spreadsheets, pictures and a range of other digital media. As is typical of its RaaS, it also appends ransom-related information to each locked file's name: a campaign-specific e-mail address, an ID for the victim, and its 'dme' string.
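The renamed files are the most visible artifact a responder has, so a small parser for the appended name is a practical triage aid. The following is an added example and not code from the original page or from any vendor tool; it assumes a layout of the form `<original>.id-<victim id>.[<e-mail>].dme` (an assumption for this example: the text above only says the appended name carries a campaign e-mail, a victim ID and the 'dme' string), and the directory listing it scans is constructed here.

```python
import re
from typing import Iterable, NamedTuple, Optional

# Assumed layout of a renamed file (assumption for this example; the page only
# states that the name carries a campaign e-mail, a victim ID and 'dme'):
#   <original name>.id-<8 hex chars>.[<e-mail>].dme
LOCKED_NAME = re.compile(
    r"^(?P<original>.+?)"                          # original name, may itself contain dots
    r"\.id-(?P<victim_id>[0-9A-Fa-f]{8})"          # per-victim identifier (assumed 8 hex)
    r"\.\[(?P<email>[^\[\]\s@]+@[^\[\]\s@]+)\]"    # campaign e-mail in square brackets
    r"\.(?P<ext>[A-Za-z0-9]{1,8})$"                # trailing family string, e.g. 'dme'
)


class LockedFile(NamedTuple):
    original: str
    victim_id: str
    email: str
    ext: str


def parse_locked_name(name: str) -> Optional[LockedFile]:
    """Return the parts of a renamed file, or None when the name does not follow
    the assumed pattern, so ordinary files that merely contain 'id-' are ignored."""
    m = LOCKED_NAME.match(name)
    if m is None:
        return None
    return LockedFile(
        original=m["original"],
        victim_id=m["victim_id"].upper(),
        email=m["email"].lower(),
        ext=m["ext"].lower(),
    )


def triage_listing(names: Iterable[str], family_ext: str = "dme") -> dict:
    """Summarise a directory listing for an incident record: how many files carry
    the family extension, which campaign e-mails appear, and which victim IDs
    (more than one ID on the same host is worth a closer look)."""
    hits = [p for p in map(parse_locked_name, names) if p and p.ext == family_ext]
    return {
        "locked_count": len(hits),
        "emails": sorted({h.email for h in hits}),
        "victim_ids": sorted({h.victim_id for h in hits}),
        "originals": [h.original for h in hits],
    }


# Constructed sample listing: three locked files, two near-misses and a plain file.
SAMPLE_LISTING = [
    "budget.xlsx.id-1A2B3C4D.[restore-files@example.test].dme",
    "holiday.jpg.id-1A2B3C4D.[restore-files@example.test].dme",
    "notes.2019.docx.id-1A2B3C4D.[restore-files@example.test].dme",
    "report.id-card.pdf",                # legitimate name that happens to contain 'id-'
    "archive.id-1A2B3C4D.zip",           # no e-mail block, so not the assumed layout
    "old.doc.id-ABCDEF01.[other@example.test].bmd",  # another family string, not counted
    "readme.txt",
]

if __name__ == "__main__":
    summary = triage_listing(SAMPLE_LISTING)
    print(f"{summary['locked_count']} file(s) renamed with .dme")
    print("campaign e-mails:", ", ".join(summary["emails"]))
    print("victim IDs:", ", ".join(summary["victim_ids"]))
```

Run it against a real listing with `triage_listing(os.listdir(path))`; the e-mail and victim ID it extracts are the same values the ransom note repeats, so they make a compact, de-duplicated record for a ticket without copying the note itself.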

The HTML (shown as a pop-up alert) and TXT ransom notes that the Dme Ransomware creates use the family's standard formats, which demand a ransom but give no details beyond the e-mail address. In the Dme Ransomware's case, the e-mail is self-explanatory: it references the data-unlocking decryption solution, of which the extension is an apparent abbreviation. Beyond this modest thematic relevance, the Dme Ransomware adds nothing novel to the RaaS formula.

The Drawback to Decryption on a Criminal's Schedule

Paying threat actors to unlock data is always a risk, and even Ransomware-as-a-Service affiliates aren't honor-bound to provide data recovery to their victims. The Dme Ransomware's ransom isn't known to malware researchers, and many similar fees fluctuate with the value of the 'hostage' data. However, many transactions involve hundreds to thousands of dollars, inevitably in Bitcoins or an equivalent currency with inadequate refund protections.

Backups are a one-size-fits-all solution to attacks by the Dme Ransomware and file-locking Trojans of all sources. Users should save backups to other devices for the best protection, especially since malware analysts confirm that the Dme Ransomware deletes the Windows Restore Point-based ones. Windows users eager to prevent infection should check passwords for weaknesses, avoid illegal downloads and strange e-mail attachments, and turn off Flash, Java and JavaScript by default.

While the encryption routine used by this family is well-protected, its obfuscation is trivial. Traditional cyber-security tools should delete the Dme Ransomware before the Trojan blocks files, and they remain the gold standard for most disinfection needs.

The Dme Ransomware's name is an abbreviation of a ransom request, but buying decryption from criminals doesn't always work out as planned. Those on Windows systems who believe otherwise might find themselves out of both files and Bitcoins at the same time.
