Damoclis Ransomware

Posted: November 1, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 1,696
First Seen: November 1, 2017
Last Seen: June 14, 2023
OS(es) Affected: Windows

The Damoclis Ransomware is a minor variant of the Losers Ransomware, a branch of the Crypton Ransomware family of file-locking threats. Like its predecessors, the Damoclis Ransomware tries to block data on your PC by encrypting it with AES so that it can demand payment for recovering it. Related symptoms often include both cosmetic changes and the deletion of associated content, and malware experts suggest identifying and uninstalling the Damoclis Ransomware with a trustworthy anti-malware vendor's products.

A Loser Trying to Come Back as a Winner

Although not as publicly acknowledged as more active threats like the Turkish-made Hidden Tear, the Crypton Ransomware family has yet to fall into the level of complete inactivity that would suggest that its threat actors are switching to other Trojan designs. One minor fork in this collection of file-locking Trojans, the Losers Ransomware, is even seeing a revival through a slight variant: the Damoclis Ransomware. This semi-new Trojan has some small updates to its ransoming demands and maintains the same capabilities for deleting or blocking data, potentially beyond the victim's ability to retrieve it.

The Damoclis Ransomware, whose name apparently is a derivative of the Greek name 'Damocles,' conducts attacks targeting English-speaking PC users, although such language configurations are common to Trojans circulating throughout much of the world. When running, it uses cryptography with a Rijndael or AES-based cipher to encode selected formats of files on the PC's drives, usually including text documents, spreadsheets, informational databases and pictures (although, unusually, the Damoclis Ransomware avoids locking PDFs or ZIP archives). The Damoclis Ransomware includes a custom extension for signifying which files it's holding hostage ('.damoclis') but, as a variant of Losers Ransomware, it also may use the old '.losers' tag.

The Damoclis Ransomware and other variants of the Crypton Ransomware family use a series of TOR-supported websites to collect their ransoms for decrypting and restoring the blocked media. The Damoclis Ransomware promotes this payment process by delivering advanced HTML pop-ups that contain instructions on how to use TOR to navigate to the site and input a custom-generated ID. Since the Damoclis Ransomware's family also erases default Windows backups, paying the ransom, while not endorsed by malware experts, may be the only way to restore a victim's files.

Keeping the Proverbial Sword from Hovering over Your PC's Head

The anecdote of a sword suspended over the head of a ruler, known as the 'Sword of Damocles,' makes for an appropriate theme with the Damoclis Ransomware. However, also like the original story, the Damoclis Ransomware comes with an implied escape for the victim: keeping backups on secure devices, such as detachable peripheral drives, can remove any risk of permanent damage from the Damoclis Ransomware's attacks. Since malware experts sometimes rate members of the Crypton Ransomware family as being compatible with free decryption programs, victims without backups also may test duplicates of any locked files with the appropriate freeware solutions.
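The following Python script is an added example, not part of the original article or any vendor's tooling: it finds files carrying the '.damoclis' or '.losers' extensions named above and copies them into a staging folder, so that decryption tools are tried on duplicates while the originals stay untouched. The function names, the staging layout and the manifest fields are assumptions made for illustration.

```python
import hashlib
import shutil
import sys
from pathlib import Path

# Extensions the article attributes to this Trojan and its Losers parent.
LOCKED_SUFFIXES = {".damoclis", ".losers"}


def sha256_of(path):
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def stage_locked_copies(root, staging):
    """Copy every locked file under root into staging and return a manifest.

    Originals are only read. Each copy is verified against its source by
    SHA-256 before it is listed, so a failed copy is never tested by mistake.
    """
    root, staging = Path(root).resolve(), Path(staging).resolve()
    manifest = []
    for path in sorted(root.rglob("*")):
        # Ignore earlier copies (staging nested under root), links and folders.
        if staging in path.parents or path.is_symlink() or not path.is_file():
            continue
        if path.suffix.lower() not in LOCKED_SUFFIXES:
            continue
        dest = staging / path.relative_to(root)
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, dest)  # copy2 keeps timestamps for later triage
        src_hash, copy_hash = sha256_of(path), sha256_of(dest)
        if src_hash != copy_hash:
            raise OSError(f"copy of {path} does not match the original")
        manifest.append({"original": str(path), "copy": str(dest),
                         "size": dest.stat().st_size, "sha256": copy_hash})
    return manifest


if __name__ == "__main__":
    # Usage: python stage_locked.py <folder to scan> <staging folder>
    for entry in stage_locked_copies(sys.argv[1], sys.argv[2]):
        print(entry["sha256"], entry["original"])
```

Point the staging folder at a separate drive where possible, and run decryption tools only against the copies listed in the manifest.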

Always update your anti-malware products to improve their capabilities against new variants of older Trojans, including the Damoclis Ransomware, which may avoid detection through previously effective methods. Distribution efforts for this Trojan may be using spam e-mails, corrupted website scripts, or downloads named inaccurately to trick users into compromising their PCs. Most of these attacks are wholly preventable by having appropriate security software and disabling hazardous content features. Most anti-malware programs should have limited or no issues with uninstalling the Damoclis Ransomware from your computer, although unlocking data via decryption always requires separate and specialized software.

Malware experts can only guess at where the Damoclis Ransomware's campaign is most likely to strike next. With generalized attributes making it suitable for blocking files around the world, the Damoclis Ransomware is a pointed reminder not to count the Crypton Ransomware family out of the threat landscape yet.