
'paydecryption@qq.com' Ransomware

Posted: September 10, 2018

The 'paydecryption@qq.com' Ransomware is an update of the Dharma Ransomware, which is a major fork of the Crysis Ransomware family. These Ransomware-as-a-Service Trojans are distributed by different criminals, who typically rely on e-mail attachments or brute-force attacks against network logins to infect PCs and lock their files. Backups are the recommended protection against file-locking Trojans, while most dedicated anti-malware utilities should remove the 'paydecryption@qq.com' Ransomware safely from the computer.

The Software that's More than Its Appearance might Suggest

New releases of the Dharma Ransomware appear as often as the individual criminals who rent it choose to deploy them, as is usual for RaaS-based Trojans. The disguises they use aren't consistent from one attack to the next, and one of the latest samples malware analysts are examining makes an unusual choice about how it hides on the system. The 'paydecryption@qq.com' Ransomware – a minor variant of the Dharma Ransomware like the '.combo File Extension' Ransomware, the Arrow Ransomware, the Wallet Ransomware or the old 'Lavandos@dr.com' Ransomware – pretends to be software from a small, legitimate developer.

Some versions of the 'paydecryption@qq.com' Ransomware's executable carry additional packing that hides its identity from threat-analysis software, but the unpacked build contains file metadata (the embedded version information) referencing Caramel Tech. This company is best known for the 'After Death' program that removes AutoRun files from USB devices. The 'paydecryption@qq.com' Ransomware may be using this trick to convince a victim to open it, or simply as a way of hiding the Trojan's core while it completes its task: encrypting and blocking files. A mismatch between a file's claimed publisher and its real origin (for example, an unsigned executable whose version information names a vendor that doesn't distribute it) is a useful warning sign in its own right.

AES, RSA and Blowfish are the three encryption algorithms that the 'paydecryption@qq.com' Ransomware's sub-branch of the family uses for encrypting media; its attacks may include scans of network shares, and they target documents, archives, music, pictures and other media types. The 'paydecryption@qq.com' Ransomware also appends new text to the filenames of the files it locks, following the traditional Dharma Ransomware format: an ID code, the criminal's e-mail address, and a new extension (for this Trojan, '.brr').
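Because the renaming scheme is consistent, it can be used to triage an affected share quickly: which files were touched, what their original names were, and which victim ID and contact address the attacker stamped on them. The script below is an added example written for this article, not a tool from the article or from any vendor. It assumes the separators seen in commonly documented Dharma samples, namely '<original>.id-<8 hex characters>.[<e-mail>].<extension>', which the article itself does not spell out; the sample file listing is constructed for the demonstration and is not real victim data.

```python
import re
from collections import Counter

# Assumed Dharma/Crysis naming layout, reconstructed from the pattern the article
# describes (ID code, attacker e-mail, new extension) plus the separators seen in
# publicly documented samples:  <original>.id-<8 hex>.[<email>].<ext>
# The exact separators and the 8-hex-digit ID length are assumptions, not
# something the article states.
DHARMA_NAME = re.compile(
    r"^(?P<original>.+?)"
    r"\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]"
    r"\.(?P<ext>[A-Za-z0-9]+)$"
)


def parse_dharma_name(filename):
    """Return the parsed fields for a Dharma-style renamed file, or None
    when the name does not follow the layout above."""
    m = DHARMA_NAME.match(filename)
    if m is None:
        return None
    return m.groupdict()


def triage(filenames, ext="brr"):
    """Summarise a directory listing: the original names of files renamed
    with the given extension, the victim IDs and e-mails stamped on them, and
    any files matching the Dharma layout but with a different extension (a
    second variant, or an older infection) so a mixed listing is not misread."""
    hits = []
    other_variants = []
    for name in filenames:
        parsed = parse_dharma_name(name)
        if parsed is None:
            continue  # untouched file, or a ransom note / unrelated file
        if parsed["ext"].lower() == ext.lower():
            hits.append(parsed)
        else:
            other_variants.append(parsed)
    return {
        "encrypted": [h["original"] for h in hits],
        "victim_ids": Counter(h["victim_id"] for h in hits),
        "emails": Counter(h["email"] for h in hits),
        "other_variants": [(o["original"], o["ext"]) for o in other_variants],
    }


# Constructed sample listing (not real victim data): two '.brr' files, one file
# from a different Dharma variant, and two files the Trojan did not rename.
SAMPLE_LISTING = [
    "Q3-invoice.xlsx.id-1A2B3C4D.[paydecryption@qq.com].brr",
    "family.jpg.id-1A2B3C4D.[paydecryption@qq.com].brr",
    "notes.txt.id-9F8E7D6C.[someone@example.invalid].combo",
    "readme.txt",
    "report.docx",
]

if __name__ == "__main__":
    summary = triage(SAMPLE_LISTING)
    print(f"{len(summary['encrypted'])} file(s) renamed with .brr:")
    for original in summary["encrypted"]:
        print("  ", original)
    print("victim IDs:", dict(summary["victim_ids"]))
    print("contact e-mails:", dict(summary["emails"]))
    print("other Dharma extensions seen:", summary["other_variants"])
```

In practice the listing would come from walking the affected volume or share with os.walk; the parsed original names are what a restore from backup has to put back, and a single victim ID across all hits indicates one run of the Trojan rather than several separate infections.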

Some Reasons for not Heeding the 'paydecryption@qq.com' Ransomware's Name

Like any Ransomware-as-a-Service Trojan, the 'paydecryption@qq.com' Ransomware depends on the exclusivity of its file-decrypting solution to make a profit. Keeping secure backups on other devices (either network storage with additional access controls or detachable media that isn't left connected) can prevent the 'paydecryption@qq.com' Ransomware, or other builds of the Dharma Ransomware, from putting any files into a hostage scenario. Malware analysts also point to multiple free decryption tools for some builds of the Dharma Ransomware, which can be useful in cases where no backup exists and recovering the files without the criminals' key is the only option.

Besides convincing a user into downloading a fake Caramel Tech product, the 'paydecryption@qq.com' Ransomware also may circulate by way of an e-mail attachment (often disguised as a workplace document or invoice) or be installed by threat actors who brute-force their way past a network's login. Attending to your password security, such as using long, unique passwords and locking or rate-limiting accounts after repeated failed logins, is useful for preventing brute-force attacks, and anti-malware programs should delete the 'paydecryption@qq.com' Ransomware easily, whether it's detected as a file attached to an e-mail or as an already-existing installation.

Even though the ransom instructions are the most visible part of a 'paydecryption@qq.com' Ransomware infection, obeying them isn't helpful for most users. Giving criminals money for their crimes comes with both long and short-term repercussions, many of which don't involve getting your media back.
