
Spiteful Doubletake Ransomware

Posted: January 28, 2019

The Spiteful Doubletake Ransomware is a file-locking Trojan that uses Blowfish encryption to lock your media, such as documents, and demands a ransom through pop-ups. However, users who pay don't receive a decryption solution. All users should guard their PCs against this threat with dedicated anti-malware protection that can remove the Spiteful Doubletake Ransomware comprehensively, and with backups for recovering data without breaking the cipher.

A Trojan that's All Spite and No Solutions

Although nearly every file-locking Trojan comes with ransom demands included, not all of them offer solutions afterward. The Spiteful Doubletake Ransomware is a Perl-based program that shows how paying can backfire on users who take a criminal's ransom note at its word, despite every reason to do otherwise. Current versions of the Spiteful Doubletake Ransomware appear to be demonstrative, and malware experts have yet to confirm an active campaign.

The Spiteful Doubletake Ransomware's executable is an exceptionally large nine megabytes and has no signature or other means of hiding its identity. If the user runs it anyway, the Spiteful Doubletake Ransomware starts encrypting file types like BMP images, MP3s, and Word documents (among others) using Blowfish in Cipher Block Chaining (CBC) mode with a hard-coded key. Since the key references the software's testing status, malware experts anticipate that the Spiteful Doubletake Ransomware will change it to a secure alternative out in the wild.

The Spiteful Doubletake Ransomware finishes its payload with several pop-up messages giving the user a Bitcoin-based ransom. However, any user who pays gets a 'mock user' message from the Trojan: a taunt that the threat actor is only interested in the money and has no plans of giving them a decryption key, service or program. As a result, the files that it locks stay locked permanently unless the user finds another solution, and any Bitcoins are non-refundable without the criminal's consent.

Keeping the Spiteful Doubletake Ransomware from Taking Your Money or Your Time

Although there is some Bitcoin activity in the Spiteful Doubletake Ransomware's wallet, nothing suggests that the file-locking Trojan is live or that any misguided victims are paying its ransom. Because its attacks include appending 'enc' extensions, similarly to the SARansom Ransomware or the Motd Ransomware, users could mistake its campaign for one with a relatively more reliable ransoming history. This issue could also cause confusion over the proper decryption solution and lead to victims corrupting their media by decrypting it with the wrong service.
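One way to catch a wrong-family decryption before it overwrites anything is to run the decryptor on copies and check each output against the header of the file type it is supposed to be. The sketch below is an added example, not code from this article or from any decryption tool; it assumes locked files are named `name.ext.enc` and covers only the file types named above.

```python
import struct

OLE2 = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy Word .doc container
ZIP = b"PK\x03\x04"                        # .docx (OOXML) container

def _is_bmp(d):
    # "BM" magic plus the little-endian file-size field at offset 2 (strict check)
    return len(d) >= 14 and d[:2] == b"BM" and struct.unpack_from("<I", d, 2)[0] == len(d)

def _is_mp3(d):
    # ID3v2 tag, or an MPEG audio frame sync (eleven set bits)
    return d[:3] == b"ID3" or (len(d) >= 2 and d[0] == 0xFF and d[1] & 0xE0 == 0xE0)

CHECKS = {
    ".bmp": _is_bmp,
    ".mp3": _is_mp3,
    ".doc": lambda d: d[:8] == OLE2,
    ".docx": lambda d: d[:4] == ZIP,
}

def original_type(locked_name):
    """Return the pre-encryption extension of 'name.ext.enc' (assumed layout), or None."""
    stem, _, suffix = locked_name.lower().rpartition(".")
    if suffix != "enc" or "." not in stem:
        return None
    return "." + stem.rpartition(".")[2]

def verify_output(locked_name, candidate):
    """Classify one decryptor output as 'ok', 'corrupt' or 'unknown'."""
    check = CHECKS.get(original_type(locked_name))
    if check is None:
        return "unknown"  # no header rule for this type: keep the locked copy
    return "ok" if check(candidate) else "corrupt"

if __name__ == "__main__":
    # Constructed samples: a minimal 14-byte BMP header and wrong-key garbage.
    good_bmp = b"BM" + struct.pack("<I", 14) + b"\x00" * 8
    garbage = bytes(range(16))
    for name, data in [("photo.bmp.enc", good_bmp), ("photo.bmp.enc", garbage),
                       ("song.mp3.enc", b"ID3\x03\x00"), ("notes.txt.enc", b"hi")]:
        print(name, "->", verify_output(name, data))
```

Only outputs classified as `ok` should replace anything; the locked originals stay untouched until every file has been checked.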

The current builds of the Spiteful Doubletake Ransomware restrict their file-locking behavior to test locations, which should change if its campaign goes public. Having backups of any critical media on other devices is the best after-the-fact solution that malware experts can endorse. For prevention or cleanup, most PC security products with any anti-malware features should stop and remove the Spiteful Doubletake Ransomware.

The Spiteful Doubletake Ransomware takes without giving anything back to you and provides no recourse for rectifying this wrongdoing. Extortion is a dirty game, and abiding by practices that can prevent your files from being a bargaining chip is better than taking the risk.
