Dqb Ransomware
The Dqb Ransomware is a file-locking Trojan that's capable of stopping media like documents from opening by encrypting it. Its attacks have no current decryption solution that users can avail themselves of for free, which emphasizes the need for a secured backup. Anti-malware services offer additional protection by blocking this threat or uninstalling the Dqb Ransomware as needed.
A Pair of Troublemakers Acting Out against Web Servers
Threat actors showing their hands in their latest campaigns are running a high-specificity set of campaigns against business or government servers, presumably, after compromising them with brute-force applications, software vulnerabilities or e-mail. These attacks involve two minor variants of the Dharma Ransomware: thePhp Ransomware and the Dqb Ransomware. Both of these programs conduct encryption attacks against media for ransoming them. Despite the generic nature of its payload, the Dqb Ransomware goes a little farther than its many relatives by elaborating on the types of victims it's seeking.
The Dqb Ransomware uses AES encryption as a secure way of locking content, just like its kindred like the 'suppfirecrypt@qq.com' Ransomware, the '.cccmn File Extension' Ransomware, the 'syndicateXXX@aol.com' Ransomware or the 'backtonormal@foxmail.com' Ransomware.The Dqb Ransomware adds extra extensions to their names so that the victims will know which files are hostages. However, the choice isn't random or solely brand-related, like those of most types of file-locker Trojans. The Dqb Ransomware's 'dqb' is an apparent reference to AutoCAD SQL records.
AutoCAD is a 3D drafting utility for tasks such as managing architectural blueprints. Its appearance in the Dqb Ransomware's campaign isn't the first case of an attack related to this program; malware analysts have encountered other instances, such as the data-collecting worm ACAD/Medre.A. By showing such an interest in a niche format, the Dqb Ransomware nearly guarantees that any distribution or infection exploits are targeting business industries like architecture or manufacturing.
Auto-Correcting from AutoCAD Dangers
Although AutoCAD has a built-in backup feature, malware researchers advise against depending on it, or Windows' Restore Point-equivalent, excessively. It's rare for file-locking Trojans to leave backup media safe while they're encrypting the rest of a system's data. You should save backups to login-secured servers or removable devices regularly if it's remotely practical.
Business networks are most-likely of suffering a compromise of their security after leaving Remote Desktop features open, using passwords that are weak to brute-force attacks, or after an employee interacts with a corrupted e-mail. For the last of these, users should beware, especially, of documents and spreadsheets that contain advanced or macro-based content, which malware expert connect to the campaigns of file-locking Trojans like the Dqb Ransomware, and state-sponsored spyware.
Even though anti-malware products can't unlock or decrypt data, they can provide other protections from this threat. Scanning your computer after infection will provide a safe means of removing the Dqb Ransomware, and active security services should flag its installer as being threatening.
The relevance of the Dqb Ransomware to less-generic industries than usual is a useful note for anyone working with AutoCAD content. At the same time, a backup isn't architecture-specific, but something that malware experts recommend for everyone.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.