DataKeeper Ransomware
Posted: February 23, 2018
| Ranking: | 5,612 |
|---|---|
| Threat Level: | 2/10 |
| Infected PCs: | 230 |
| First Seen: | July 22, 2024 |
| Last Seen: | March 1, 2025 |
| OS(es) Affected: | Windows |
The DataKeeper Ransomware is a Trojan that locks your files with encryption so that it can collect Bitcoins from selling the decryptor. As a Ransomware-as-a-Service Trojan, the DataKeeper Ransomware may have its distribution administrated in different ways by various individuals, although spam e-mail is a particularly popular choice. Minding your network's security, having reliable backups, and using anti-malware products for blocking or removing the DataKeeper Ransomware are the three defenses most relevant to this threat.
The Program Keeping Your Files Away from You
Trojan campaigns aren't always tightly maintained projects run by a single, experienced team of threat actors. In fact, this rarely is the case with file-locking Trojans such as the new DataKeeper Ransomware, which displays the ongoing profitability of an opposing business model. The DataKeeper Ransomware's authors are using Ransomware-as-a-Service to distribute variants of their Trojan to any other cybercrooks willing to undertake the risks and, most likely, are profiting only passively, by collecting a percentage of any ransoms.
The unknown threat actors maintaining the DataKeeper Ransomware are hosting its executable generator on a DarkNet website with no upfront fee for generating a custom variant. The features advertised so far include:
- Custom, secure data-encrypting attacks use combinations of AES and RSA algorithms to block the victim's files.
- The ransom that the DataKeeper Ransomware offers to the victims for 'purchasing' a file-unlocking program is configurable, but always uses Bitcoins, thereby preventing the user from getting refunds in any cases of fraud.
- The DataKeeper Ransomware doesn't require a C&C server for its payload and can block the PC's media without any network connection.
- The DataKeeper Ransomware can erase some types of backup or system restoration data such as Windows Restore Points.
- The Trojan also supports attacking any network-shared folders, which makes it particularly capable of compromising non-secure server setups.
The types of data that the DataKeeper Ransomware locks also are fully configurable; malware analysts note that Microsoft Office work, images, and Adobe PDF documents are the most frequently targeted formats.
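A defensive check built on the targeted formats named above, as an added example that is not from the original page or from any vendor tool: it flags Office, image and PDF files whose leading bytes no longer match their extension, a common sign that the content has been encrypted in place. It assumes affected files keep their original extension; the function names and the 20% alert ratio are illustrative assumptions.

```python
import tempfile
from pathlib import Path

# Leading bytes ("magic numbers") of the formats the article names as frequent targets.
ZIP = b"PK\x03\x04"                          # OOXML container: docx/xlsx/pptx
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"    # legacy doc/xls/ppt
MAGIC = {
    ".docx": (ZIP,), ".xlsx": (ZIP,), ".pptx": (ZIP,),
    ".doc": (OLE2,), ".xls": (OLE2,), ".ppt": (OLE2,),
    ".pdf": (b"%PDF-",), ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def header_ok(path):
    """True/False if the header matches the extension; None if untracked or unreadable."""
    sigs = MAGIC.get(Path(path).suffix.lower())
    if sigs is None:
        return None
    try:
        with open(path, "rb") as fh:
            return fh.read(8).startswith(sigs)  # startswith accepts a tuple
    except OSError:
        return None  # locked or unreadable file: skip rather than abort the scan

def scan_tree(root, alert_ratio=0.2):
    """Walk root; return (mismatched paths, files checked, alert flag)."""
    bad, checked = [], 0
    for path in Path(root).rglob("*"):
        ok = header_ok(path) if path.is_file() else None
        if ok is None:
            continue
        checked += 1
        if not ok:
            bad.append(str(path))
    # One damaged file is noise; a large share of mismatches suggests mass encryption.
    alert = checked > 0 and len(bad) / checked >= alert_ratio
    return sorted(bad), checked, alert

def demo():
    """Constructed sample tree: two intact files and one whose header is gone."""
    samples = {"report.pdf": b"%PDF-1.7\n...", "logo.png": b"\x89PNG\r\n\x1a\n...",
               "budget.xlsx": bytes.fromhex("9f3c1ae4b07d22c5")}  # no ZIP header
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        bad, checked, alert = scan_tree(root)
    return [Path(p).name for p in bad], checked, alert

if __name__ == "__main__":
    print(demo())
```

Run on a schedule against file shares and backup copies, the same scan also confirms that a backup is still usable before it is relied on for recovery.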
Taking Steps to Secure Your Data from the RaaS Industry
The nature of Ransomware-as-a-Service makes the distribution exploits of the DataKeeper Ransomware highly flexible. E-mail attachments, browser-based threats like the Nebula Exploit Kit, and brute force attacks targeting specific, non-secure networks are the infection vectors that malware analysts judge as being most relevant to this year. Users can protect their PCs by maintaining robust passwords, avoiding enabling scripts or advertisements in their browser, and scanning any downloaded files with appropriate security software.
The DataKeeper Ransomware's encryption routine is tentatively rated as unlikely to be decryptable by freeware methods. Although any victims can contact anti-malware researchers with cryptography experience for second opinions, backups are always the most reliable fail-safe against Trojans that encrypt your media. A traditional anti-malware program also may delete the DataKeeper Ransomware before it launches its file-enciphering attack.
RaaS is an efficient distribution of labor for a con artist-programmer. It lets Trojans like the DataKeeper Ransomware become more widely distributed than ever, with little work on the part of the individuals involved. PC owners should remember this fact, and always assume that there's a risk of data loss, whenever they browse the Web unsafely.