1dec Ransomware

Posted: August 5, 2020

1dec Ransomware Description

The 1dec Ransomware is a file-locking Trojan that's part of the Dharma Ransomware family, a Ransomware-as-a-Service. Family members will block your files, including digital media like documents, and extort money for their unlocking service. Users with secure backups have protection from most of the effects of infections, and good anti-malware programs will proactively remove the 1dec Ransomware.

An Out-of-Season December Incoming

The often-randomly-named Dharma Ransomware family boasts such members as the Devil Ransomware, the guardbtc@cock.li Ransomware, the Prnds Ransomware, and the Wiki Ransomware, and is turning to seasons of the year for a recently-unfurled campaign. The 1dec Ransomware is, despite its name, arriving on the threat landscape in early August. In analyzing it, malware analysts confirm all the 'usual suspects' for its features, wrapped in a fake Windows component for a hiding place.

The 1dec Ransomware's samples fake Windows 'explorer' files, which might be part of their distribution tactic, but more likely serves to avoid attention while encrypting media. The family uses an extremely well-analyzed and, unfortunately, secure encryption routine for locking files that match the formats in its whitelist. Most victims experience a 'locking' of their documents, pictures, music, databases, spreadsheets, archives and slideshows.

The 1dec Ransomware injects its extension into the ends of these files' names, and that extension is nearly the only other differentiating factor between it and its dozens of familial counterparts. Besides these attacks, the 1dec Ransomware can delete the Shadow Volume Copy or the Restore Point backups, create ransom notes (such as a highly-visible pop-up), and create a unique ID for negotiations with the attacker over buying the unlocking service.
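The two behaviors described above, a sample posing as Windows 'explorer' and the deletion of Shadow Volume Copy backups, can be checked for in process-creation logs. The following is an added example, not code from the original article; the event format and sample events are constructed, and the deletion command patterns are common ones assumed here, since the article does not say which mechanism the 1dec Ransomware uses.

```python
import ntpath
import re

# Legitimate explorer.exe locations (assumption: system root is C:\Windows).
LEGIT_EXPLORER = {r"c:\windows\explorer.exe", r"c:\windows\syswow64\explorer.exe"}

# Commonly seen shadow-copy / backup deletion command lines. Assumption: the
# article does not name the command the 1dec Ransomware runs.
SHADOW_DELETE = [
    re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+(catalog|systemstatebackup)\b", re.I),
]

def classify(event):
    """Return a list of finding labels for one process-creation event."""
    findings = []
    image = event["image"].strip('"')
    # A file named explorer.exe outside the Windows directory is a masquerade.
    if (ntpath.basename(image).lower() == "explorer.exe"
            and ntpath.normpath(image).lower() not in LEGIT_EXPLORER):
        findings.append("explorer-masquerade")
    if any(p.search(event["cmdline"]) for p in SHADOW_DELETE):
        findings.append("shadow-copy-deletion")
    return findings

def scan(events):
    """Map pid -> findings for every event that triggered at least one rule."""
    return {e["pid"]: f for e in events if (f := classify(e))}

# Constructed sample events (not taken from a real 1dec Ransomware infection).
SAMPLE_EVENTS = [
    {"pid": 812, "image": r"C:\Windows\explorer.exe",
     "cmdline": r"C:\Windows\explorer.exe"},
    {"pid": 4120, "image": r"C:\Users\alice\AppData\Roaming\explorer.exe",
     "cmdline": r"C:\Users\alice\AppData\Roaming\explorer.exe"},
    {"pid": 4188, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c vssadmin delete shadows /all /quiet"},
    {"pid": 4200, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": r"vssadmin list shadows"},
]

if __name__ == "__main__":
    for pid, findings in scan(SAMPLE_EVENTS).items():
        print(pid, findings)
```

Either finding alone warrants isolating the host, because shadow-copy deletion usually happens shortly before or during encryption.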

Sweeping Back Old Winter Software for Another Year

Users paying the 1dec Ransomware's decryption ransom are gambling on getting nothing back, and they advance the long-term interests and infrastructure of the Ransomware-as-a-Service industry. RaaSes and their many variant campaigns, like the 1dec Ransomware, are easy to defend against, as long as Windows users keep their media backed up with solutions such as USB drives or cloud services. These infections also pose risks of collecting data, leaking confidential information to the public or compromising network-connected devices.

Since downloading the Explorer component of Windows manually is an uncommon update tactic, malware experts suggest looking to other sources for possible attacks. Threat actors may seed the 1dec Ransomware in torrents for illicit software or movies, attach its delivery exploit inside an e-mail-linked document, or use software exploits associated with Web server applications or browser features like JavaScript. Secure password choices, especially for an admin-privileged account, will help with containing these threats.

As a final defense, stalwart anti-malware programs will flag members of the Dharma Ransomware family, a years-old and thoroughly-examined RaaS. If protected by these security solutions, users should detect and remove the 1dec Ransomware through them before their files come under fire.

With changing weather patterns, predicting the bite of winter or heatwaves is becoming more problematic, but Trojans like the 1dec Ransomware always are in season. Since that's the case, one can easily compare not having a backup or security services to walking into a storm without an umbrella.
