
Digisom Ransomware

Posted: February 9, 2017

The Digisom Ransomware is a Trojan that locks your files by encrypting them and threatens to delete them over time until you pay its ransom. Paying a ransom to the people responsible for similar attacks doesn't always give you access to a full recovery option, and malware experts discourage it unless no other solutions are viable. Using anti-malware programs to delete the Digisom Ransomware when it's detected, and having backups to prevent its payload from being meaningfully harmful, are the advised strategies for this Trojan.

The Trojan Enacting a Rush to Pay Extortionists

Among the many subtle elements that con artists use to add social engineering to their Trojan campaigns, one of the most infamous is simply time. The Jigsaw Ransomware is one of the most notorious threats to put its victims on a harsh schedule that can result in the permanent loss of some or all of the files that it locks. One year later, new threat actors are implementing the same concept in a slightly different way through the Digisom Ransomware campaign.

The Digisom Ransomware uses asymmetric encryption for locking files on the infected computer, potentially including formats such as spreadsheets, documents, archives, pictures or audio. The Digisom Ransomware also uses a slightly unusual name-modifying system for tagging them: appending a string of three random characters and a '.x' extension onto the end of any previous extension. Whether or not you restore the filename, the encryption prevents these files from opening until you can decrypt them with the private key.
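The renaming pattern described above can be used to inventory affected files before restoring from backup. The following Python sketch is an added example, not code from the original article or from any vendor tool; it assumes the three random characters are ASCII letters or digits and accepts them either appended directly or after a dot, since the article does not give the exact layout. The function names and sample filenames are hypothetical.

```python
import os
import re
import tempfile
from collections import Counter

# Assumption: "<previous extension>" + optional "." + 3 alphanumerics + ".x".
# This is a heuristic; unrelated files that happen to fit will also match.
RENAMED = re.compile(
    r"(?P<orig>.+\.[A-Za-z0-9]{1,8}?)\.?(?P<tag>[A-Za-z0-9]{3})\.x")

def parse_name(filename):
    """Return (original_name, tag) if filename fits the pattern, else None."""
    m = RENAMED.fullmatch(filename)
    return (m.group("orig"), m.group("tag")) if m else None

def inventory(root):
    """Walk root; list matching files and count them by original extension."""
    hits, by_ext = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parsed = parse_name(name)
            if parsed is None:
                continue
            orig, tag = parsed
            path = os.path.join(dirpath, name)
            by_ext[os.path.splitext(orig)[1].lower()] += 1
            hits.append({"path": path, "original": orig, "tag": tag,
                         "size": os.path.getsize(path)})
    return hits, by_ext

def demo():
    """Run the inventory over a constructed directory tree (empty files)."""
    names = ["budget.xlsx.k3Q.x", "photo.jpgZ9a.x", "notes.txt",
             "tool.x", "docs/cv.pdf.7bc.x"]
    with tempfile.TemporaryDirectory() as root:
        for rel in names:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "wb").close()
        hits, by_ext = inventory(root)
        return sorted(h["original"] for h in hits), dict(by_ext)

if __name__ == "__main__":
    originals, counts = demo()
    print("Original names:", originals)
    print("Count by original extension:", counts)
```

The per-extension counts show which document types need restoring; the script only reads filenames and sizes and does not modify or decrypt anything.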

The rest of the Digisom Ransomware's payload promotes its ransom process for buying the decryption key. The symptoms malware analysts are confirming include:

  • The Digisom Ransomware resets the desktop wallpaper to a black image.
  • The Digisom Ransomware also places a text file on the desktop that asks for a 0.2 Bitcoin (198 USD) ransom, which the Trojan's threat actors process through their customized website.
  • Most uniquely, the Digisom Ransomware also includes a pop-up with a live timer, claiming that the Trojan will delete one encrypted file every time the countdown expires. The Digisom Ransomware also uses similar deletion threats for warning against taking any steps to close the program.

Canceling a File-Eating Schedule

The Digisom Ransomware is far from the first Trojan to use a combination of encoding data and limited time to force a victim into submitting to extortion for uncertain benefits. However, its implementation does an exceptional job of limiting the user's actions and providing only the information necessary for the ransom, which could make it too tempting to resist. Since malware experts deem this threat to be system-persistent, any actions for restoring your data and disinfecting your PC should begin with disabling the Trojan.

Victims already compromised by the Digisom Ransomware can restart their PCs in Safe Mode (available on most OSes, including Windows 7 and 10) to limit the launching of threatening software like the Digisom Ransomware. Alternately, you can boot your computer with a USB or DVD-based recovery device. With the Trojan inactive, standard anti-malware programs can delete the Digisom Ransomware with no issues, letting you take any other steps necessary for recovering your locked files.

The time restrictions the Digisom Ransomware uses are some of the most powerful ways in which con artists may persuade PC users into taking actions that may only help make the threat industry profitable. Although threats like the Digisom Ransomware do require quick responses, that reaction rarely should take the form of paying money for a decryption service with an uncertain existence.
