
1dec Ransomware

Posted: August 5, 2020

The 1dec Ransomware is a file-locking Trojan that's part of the Dharma Ransomware family's Ransomware-as-a-Service. Members of the family block the victim's files, such as documents and other digital media, and extort money for their unlocking service. Users with secure backups are protected from most of the effects of an infection, and good anti-malware programs will proactively remove the 1dec Ransomware.

An Out-of-Season December Incoming

The often-randomly-named Dharma Ransomware family boasts such members as the Devil Ransomware, the guardbtc@cock.li Ransomware, the Prnds Ransomware, and the Wiki Ransomware, and is turning to the seasons of the year for a recently-unfurled campaign. The 1dec Ransomware, despite its name, is arriving on the threat landscape in early August. In analyzing it, malware analysts confirm all the 'usual suspects' among its features, wrapped in a fake Windows component as a hiding place.

The 1dec Ransomware's samples pose as Windows 'explorer' files, which might be part of the distribution tactic but more likely serves to avoid attention while the Trojan encrypts media. The family uses an extremely well-analyzed and, unfortunately, secure encryption routine for locking files whose formats match its white list. Most victims experience a 'locking' of their documents, pictures, music, databases, spreadsheets, archives and slideshows.

The extension that the 1dec Ransomware appends to the ends of these files' names is nearly the only other factor differentiating it from its dozens of familial counterparts. Besides these attacks, the 1dec Ransomware can delete the Shadow Volume Copy or Restore Point backups, create ransom notes (such as a highly-visible pop-up), and generate a unique ID for negotiations with the attacker over buying the unlocking service.
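As an added illustration, not code from this page or from any vendor, the following Python triage helper inventories a file listing for names carrying the appended extension and recovers each file's original name and the per-victim ID. It assumes the Dharma family's typical `.id-XXXXXXXX.[contact].1dec` naming, which the page does not spell out, and runs over a constructed listing rather than real indicators.

```python
import re
from collections import Counter

# Assumed naming convention (not given on the page): Dharma-family variants usually
# rewrite "report.docx" as "report.docx.id-XXXXXXXX.[contact@example].1dec", where
# XXXXXXXX is the per-victim ID the Trojan generates for ransom negotiations.
LOCKED_NAME = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<contact>[^\]]+)\]\.1dec$"
)

def parse_locked_name(name):
    """Return the original name, victim ID and contact address, or None if unaffected."""
    m = LOCKED_NAME.match(name)
    if not m:
        return None
    return {
        "original": m.group("original"),
        "victim_id": m.group("victim_id").upper(),
        "contact": m.group("contact"),
    }

def triage(filenames):
    """Inventory a file listing: which files were locked, which were left alone,
    and how many distinct victim IDs appear (more than one usually means the
    Trojan ran on more than one host or share)."""
    locked, untouched, ids = [], [], Counter()
    for name in filenames:
        parsed = parse_locked_name(name)
        if parsed is None:
            untouched.append(name)
        else:
            locked.append(parsed)
            ids[parsed["victim_id"]] += 1
    return {"locked": locked, "untouched": untouched, "victim_ids": dict(ids)}

# Constructed sample listing (not real IoCs); the contact addresses are placeholders.
SAMPLE_LISTING = [
    "quarterly-report.docx.id-1A2B3C4D.[contact@example.invalid].1dec",
    "holiday.jpg.id-1a2b3c4d.[contact@example.invalid].1dec",
    "archive.zip.id-DEADBEEF.[other@example.invalid].1dec",
    "notes.txt",
    "explorer.exe",
]

if __name__ == "__main__":
    result = triage(SAMPLE_LISTING)
    for entry in result["locked"]:
        print(f"locked: {entry['original']} (victim {entry['victim_id']}, {entry['contact']})")
    print("victim IDs:", result["victim_ids"])
```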

Sweeping Back Old Winter Software for Another Year

Users paying the 1dec Ransomware's decryption ransom are gambling on not getting anything back, and advance the long-term interests and infrastructure of the Ransomware-as-a-Service industry. RaaSes and their many variant campaigns, like the 1dec Ransomware, are easily defensible as long as Windows users keep their media backed up with solutions such as USB drives or cloud services. These infections also pose risks of collecting data, leaking confidential information to the public or compromising network-connected devices.

Since downloading the Explorer component of Windows manually is an uncommon update tactic, malware experts suggest looking to other sources for possible attacks. Threat actors may seed the 1dec Ransomware in torrents for illicit software or movies, attach its delivery exploit inside an e-mail-linked document, or use software exploits associated with Web server applications or browser features like JavaScript. Secure password choices, especially for an admin-privileged account, will help with containing these threats.

As a final defense, stalwart anti-malware programs will flag members of the Dharma Ransomware family, a years-old and thoroughly-examined RaaS. Users protected by these security solutions should let them detect and remove the 1dec Ransomware before their files come under fire.

With changing weather patterns, predicting the bite of winter or heatwaves is becoming more problematic, but Trojans like the 1dec Ransomware are always in season. Since that's the case, it is easy to compare not having a backup or security services to walking into a storm without an umbrella.
