
DoNotChange Ransomware

Posted: March 31, 2017

The DoNotChange Ransomware is a Trojan that can encrypt spreadsheets, archives, and other types of media on your PC, making them unusable. Although free decryption strategies may be possible with this threat, backups are the easiest way to keep the DoNotChange Ransomware from causing permanent damage to your hard drive's contents. Various brands of anti-malware software can also delete the DoNotChange Ransomware during the installation stages of an infection.

Trojans Flexing More Ambition than Linguistic Skill

The regions that a Trojan's campaigns target don't necessarily imply that its threat actor has any personal familiarity with them. Commonly, file-encrypting Trojans reuse the messages of other threats or translate their warnings via free utilities. The DoNotChange Ransomware is the latest of these to appear in March, trying to extort hundreds of dollars in ransom from anyone whose PC it locks. Its attacks target both Russian and English speakers through unknown propagation methods.

The DoNotChange Ransomware encodes your files with an AES-128 algorithm, with no other evident protection for the cipher. Depending on the version of the threat (malware experts can confirm two branches so far), file names may also change: either an appended identification number and the '.cry' extension, or a '.Do_not_change_the_file_name.cryp' extension that doesn't include the ID. The Trojan selects the files it damages by data type, with the list of targets including ZIP archives, JPG pictures, PowerPoint content, and over a dozen additional formats.
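As an added example (not code from this article or from any vendor tool), the following triage script sweeps a directory tree for the two rename patterns described above and reports the matches, how many fall in each folder, and the earliest modification time as a rough marker for when encryption began. The sample file names, the layout of the ID before '.cry', and case-insensitive matching are assumptions; a match is a lead to investigate, not confirmation of this threat.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extensions as named in the article; case-insensitive matching is an assumption.
SUFFIXES = {
    ".do_not_change_the_file_name.cryp": "cryp-branch",
    ".cry": "cry-branch",
}

def classify(name):
    """Return the branch label for a renamed file, or None. A bare '.cry' is ignored."""
    lowered = name.lower()
    for suffix, label in SUFFIXES.items():
        if lowered.endswith(suffix) and len(lowered) > len(suffix):
            return label
    return None

def triage(root):
    """Walk root; collect matching files, per-directory counts, earliest mtime."""
    hits, per_dir, earliest = [], Counter(), None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            label = classify(name)
            if label is None:
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # unreadable entry: skip rather than abort the sweep
            hits.append((path, label))
            per_dir[dirpath] += 1
            earliest = mtime if earliest is None else min(earliest, mtime)
    return {"hits": hits, "per_dir": per_dir, "earliest_mtime": earliest}

def demo():
    """Run triage over a constructed sample tree (file names are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        # The "1234" ID layout before '.cry' is an assumption, not from the page.
        for n in ("budget.xlsx.1234.cry", "notes.txt", "intact.zip",
                  "photo.jpg.Do_not_change_the_file_name.cryp"):
            (Path(tmp) / n).write_bytes(b"sample")
        report = triage(tmp)
        return sorted(l for _p, l in report["hits"]), sum(report["per_dir"].values())

if __name__ == "__main__":
    print(demo())
```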

Similarly, the DoNotChange Ransomware may also drop one of two ransom messages onto your computer, both of which are in Notepad's TXT format. The DoNotChange Ransomware's instructions tell the victim which e-mail address to contact to enter into ransom negotiations and pay for the decryption utility. Although it gives Russian and English language versions of the text, numerous grammatical errors and misappropriated content make it likely that the threat actor isn't a native Russian speaker. Malware experts are finding payments ranging from 250 to 400 USD in value.

Changing a Hostage Scenario into a Disinfecting One

The DoNotChange Ransomware has no known relatives, although well over a dozen brands of anti-malware products are successfully identifying it via heuristic methods. At under a megabyte, the DoNotChange Ransomware's executable is easily transportable in disguises such as fake documents attached to e-mail. Threat actors could also be installing it themselves after gaining network access, typically with the help of unsafe Remote Desktop settings. Some website-based exploit kits are also notable for delivering Trojans with file-encrypting capabilities.

The DoNotChange Ransomware's AES encryption method may be cracked in the future, and malware analysts encourage victims with no better options to contact members of the anti-malware industry for data recovery assistance. Despite that silver lining, the DoNotChange Ransomware's enciphering attacks aren't guaranteed to be reversible, and having backups can give anyone a reliable recovery choice without ransoms.

Deleting the DoNotChange Ransomware and similar threats afterward is almost always possible, with minimal difficulty, through appropriate anti-malware tools. However, relying on after-the-fact security measures leaves your files subject to the impulses of con artists with questionable communication skills and should never replace a preventative protection strategy.
