Cybersecurity researchers have spotted a new ransomware threat going by the name of DogeCrypt. DogeCrypt is a variant of the DesuCrypt ransomware strain. Like most ransomware, it encrypts data in order to demand payment for decryption.
Following successful infiltration, DogeCrypt will scan the host for target files. The threat is looking for pictures, databases, documents, spreadsheets, archives, and any file that might contain valuable information.
Once all target files are located, DogeCrypt will use an encryption algorithm to lock the data and prevent the user from accessing it. The ransomware will allow its victims to see the icons of their files. However, they cannot open, view, or edit their files.
All files encrypted by the ransomware are easily recognizable because the threat changes the file extension. DogeCrypt follows a simple pattern. It keeps the original filename and adds the criminals' email address in square brackets, followed by the ".DogeCrypt" extension. For example, a file named "pictures.zip" will be renamed to "pictures.zip.[email@example.com].DogeCrypt".
Once all target files are encrypted, DogeCrypt will change the desktop wallpaper to a ransom message. Additionally, the threat will drop a text file called "note.txt" which contains the same information as the wallpaper.
Ransom Note Text:
Your files were encrypted by DogeCrypt.
The files are not damaged or destroyed! They're only modified
If you want to reverse the modification conatact us:
DogeCrypt's ransom note is a straightforward message that informs the victim that their data is not damaged but encrypted. It also instructs the victims to contact the threat operators via either of the firstname.lastname@example.org or email@example.com email addresses.
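The renaming pattern and the "note.txt" file described above can be used to scope which files and data types are affected before restoring from backup. The following Python script is an added example, not part of the original article or any vendor tool; the function names are hypothetical, and counting "note.txt" only when it sits beside renamed files is an assumption made here to avoid false hits on a common filename.

```python
import os
import re
import sys
from collections import Counter

# Pattern from the article: <original name>.[<contact email>].DogeCrypt
ENCRYPTED_RE = re.compile(r"^(?P<orig>.+)\.\[(?P<email>[^\[\]]+)\]\.DogeCrypt$")
NOTE_NAME = "note.txt"  # ransom note filename given in the article


def parse_encrypted_name(filename):
    """Return (original_name, contact_email), or None if the name does not match."""
    m = ENCRYPTED_RE.match(filename)
    return (m.group("orig"), m.group("email")) if m else None


def triage(root):
    """Walk root and summarise files carrying the DogeCrypt naming pattern."""
    report = {"encrypted": [], "notes": [], "emails": Counter(), "types": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        hits = 0
        for name in files:
            parsed = parse_encrypted_name(name)
            if parsed is None:
                continue
            orig, email = parsed
            hits += 1
            report["encrypted"].append((os.path.join(dirpath, name), orig))
            report["emails"][email.lower()] += 1
            # The original extension shows which data types need restoring.
            ext = os.path.splitext(orig)[1].lower() or "(none)"
            report["types"][ext] += 1
        # Assumption: only count note.txt when renamed files share the directory.
        notes = [f for f in files if f.lower() == NOTE_NAME]
        if hits and notes:
            report["notes"].append(os.path.join(dirpath, notes[0]))
    return report


if __name__ == "__main__":
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{len(result['encrypted'])} renamed files, "
          f"{len(result['notes'])} ransom notes beside them")
    for ext, count in result["types"].most_common():
        print(f"  {ext}: {count}")
    for email, count in result["emails"].most_common():
        print(f"  contact address {email}: {count} files")
```

Run it against a mounted copy or forensic image of the affected volume rather than the live system, so that the scan itself does not alter timestamps on evidence.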
Unfortunately, as DogeCrypt ransomware is a relatively new threat, there is no decryption tool for it yet. However, experts advise against paying the ransom as such actions don't guarantee results. Criminals are known to double-cross their victims. There are multiple cases when the criminals did not provide their victims with working decryption software.
Furthermore, victims should be aware that by paying the ransom, they finance criminal operations.
Victims can use file backups saved on external and cloud storage to recover their information. However, before any such operations are attempted, the victims must remove the ransomware. Otherwise, DogeCrypt will corrupt their newly-recovered files.
How DogeCrypt infects its victims
DogeCrypt is spread by professional criminals who use various mass-distribution techniques to infect a broad spectrum of victims.
Malicious messages, fake updates, and trojans are only three of the most often used distribution techniques. Criminals use current trends and social engineering to trick their victims into falling into their traps. The key to their success is not the methods used but their victims' naivety.
Criminals are targeting the unprepared users who are not paying attention to the red flags. Most cyber infections are preventable if the user knows what NOT to do.
Malspam – Users are advised to be careful with their inbox. Criminals use a technique called "spoofing" to make their emails appear as if they are coming from legitimate sources. Usually, they impersonate well-known and trusted organizations and companies, such as shipping companies, banks, and government institutions.
Therefore, all unexpected messages should be treated as hazardous. Users should not download attachments or click on links unless they are certain that the message is sent from a trustworthy source.
Software activators/Pirated software – As many users are not willing to pay for expensive software, they go online in search of activators or pirated software that bypasses the paid activation. Hackers are well aware of this global trend and take full advantage of it. They upload malicious software copies on various web platforms and wait for someone to take their bait.
Trojans – The trojan horse infection is very dangerous as it is unpredictable. Trojans are versatile weapons that allow their operators to execute commands on their victims' devices. There are trojan horses that are programmed to download and install other malware, including ransomware.