
DirtyDecrypt

Posted: September 14, 2013

Threat Metric

Ranking: 14,747
Threat Level: 2/10
Infected PCs: 433
First Seen: September 19, 2013
Last Seen: September 1, 2023
OS(es) Affected: Windows

DirtyDecrypt, so named for the DirtyDecrypt.exe file that is a component of some variants of this PC threat, is a group of diverse ransomware-based Trojans, including multiple types of Police Ransomware Trojans that deliver warning messages specific to different countries. These attacks have a double purpose: simultaneously blocking Windows and also displaying a fake legal alert that requests a money transfer. However, although all known variants of DirtyDecrypt use pop-ups that reference a regional law enforcement agency, DirtyDecrypt is an illegal program and doesn't need to be paid to be removed. Nor should it be paid, as SpywareRemove.com malware researchers emphasize that any paid ransom doesn't necessarily increase your chances of getting an unlock key that would remove DirtyDecrypt from your computer. As always, anti-malware tools should be preferred for deleting DirtyDecrypt in all of its varied forms.

Cleaning Away Misinformation About the DirtyDecrypt Problem

DirtyDecrypt is named for one of its earliest components, an EXE file that often is associated with file encryptor attacks. These attacks have been seen targeting Microsoft Office documents, general image files and Adobe PDF files and rendering them temporarily inaccessible – supposedly until a ransom is paid. New versions of DirtyDecrypt may or may not include this attack, which is secondary to DirtyDecrypt's main goal of misinforming the victim about its purpose and acquiring money in the process.

The most recent DirtyDecrypt attacks have spread out of Europe to other regions, including the US and Canada, and tend to trigger off of pornography site advertisements. These advertisements redirect their victims to illegal underage pornographic content and also use a variant of the Styx to install a member of DirtyDecrypt such as the 'Your Internet Service Provider is Blocked' Virus. Afterward, a fake police alert tailored to your IP address's geographical location is put on display and accuses your computer of being used to access the very same illegal content that was promoted by the original advertisement.

Once you ignore the more rather aspects of DirtyDecrypt's campaign, it becomes obvious that DirtyDecrypt's main interest is in acquiring money through its fraudulent legal fee. SpywareRemove.com malware experts always recommend withholding any money or personal information demanded by DirtyDecrypt or any other ransomware-based PC threat, since giving in to these demands has no guarantee of providing you with a solution to a DirtyDecrypt infection. Additionally, it also needs to be stressed that DirtyDecrypt is an illegal Trojan and doesn't have any government authorization behind its attacks.

Why Decryption Needn't Be a Filthy Process of Giving Criminals What They Want

Whether a variant of DirtyDecrypt attacking your computer is a file encryptor or not, there's no real reason to bother paying the ransom DirtyDecrypt demands. As a safe alternative, SpywareRemove.com malware experts suggest disabling DirtyDecrypt with standard security procedures and then using whatever anti-malware programs you prefer to delete DirtyDecrypt. Files that have been encrypted by DirtyDecrypt can be restored from backups or decrypted by various free utilities (which often are provided by various major PC security companies).

Also known by its technical family name of Revoyem, DirtyDecrypt exemplifies the advanced social engineering in use by most modern types of threats that don't try to hide themselves entirely. However, the SpywareRemove.com malware research team also notes that, like any attack that starts with your Web browser, having appropriate Web-based protection can shut down a DirtyDecrypt infection before DirtyDecrypt has a chance to begin.

Technical Details

Additional Information

The following URLs were detected:
761d.site