DaVinci Ransomware

Posted: August 20, 2020

DaVinci Ransomware Description

The DaVinci Ransomware is a file-locking Trojan that encrypts the contents of the user's hard drives to hold their media hostage. Although its ransom note, a screen-blocking pop-up, claims otherwise, the Trojan includes no authentic recovery service, which makes it functionally no different from a file-wiper Trojan. Users with live anti-malware products should be able to remove the DaVinci Ransomware automatically without further help, but the data loss from an infection may only be reversible with secured backups.

Not Quite a Genius after Your Files

The dilemma of whether to risk paying a ransom to get a hostage back safe and sound has a natural counterweight: the criminals doing the 'negotiating' tend to be deceptive. Campaigns like the DaVinci Ransomware's bet on making money by asserting services without any evidence and then going back on their word. Although the DaVinci Ransomware closely resembles past Trojans with file-encrypting payloads, and most Ransomware-as-a-Service families, it lacks the 'service' part.

The DaVinci Ransomware is a Windows program that includes various obfuscating features, such as a temporary 'hibernation' phase, that lower its detection rate against PC security products. The Trojan uses a standard encryption function to block files and may select targets by format (such as DOC or JPG) or by location (such as the Windows Documents directory). Some sources also report a data-wiping feature, although malware researchers currently cannot confirm the prerequisites or behavior of such an attack.
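A defender-side check that follows from the targeting described above, added here as an example rather than anything from the original article or the Trojan itself: when a file-locker encrypts DOC and JPG files in place, their leading bytes stop matching the format's standard signature, so a scan of the Documents tree for such header mismatches (and the fraction of monitored files affected) gives an early, offline indicator of mass encryption. The sample directory and its three files are constructed inline; the magic byte values are the public format signatures, not anything observed from the DaVinci sample.

```python
import tempfile
from pathlib import Path

# Standard file signatures for the two formats the article names as likely
# targets. These are public format constants, not indicators from the sample.
MAGIC = {
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 compound document (legacy Word)
    ".jpg": b"\xff\xd8\xff",                       # JPEG start-of-image marker
}


def header_mismatches(root):
    """Return sorted paths under root whose extension is a monitored format
    but whose leading bytes no longer match that format's signature."""
    suspects = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        sig = MAGIC.get(path.suffix.lower())
        if sig is None:
            continue
        with open(path, "rb") as fh:
            head = fh.read(len(sig))
        if head != sig:
            suspects.append(str(path))
    return sorted(suspects)


def mismatch_ratio(root):
    """Fraction of monitored files whose header is wrong. A single corrupt
    file is normal wear; a ratio near 1.0 across a user's Documents tree is
    the pattern an in-place encryptor leaves behind."""
    monitored = [p for p in Path(root).rglob("*")
                 if p.is_file() and p.suffix.lower() in MAGIC]
    if not monitored:
        return 0.0
    return len(header_mismatches(root)) / len(monitored)


def build_sample_tree():
    """Constructed sample: an intact DOC, an intact JPG, and a JPG whose
    contents have been replaced by bytes that no longer carry the signature
    (a stand-in for a file encrypted in place)."""
    root = tempfile.mkdtemp(prefix="davinci_check_")
    docs = Path(root) / "Documents"
    docs.mkdir()
    (docs / "report.doc").write_bytes(MAGIC[".doc"] + b"\x00" * 64)
    (docs / "photo.jpg").write_bytes(MAGIC[".jpg"] + b"\xe0" + b"\x00" * 64)
    (docs / "holiday.jpg").write_bytes(bytes(range(80)))  # header 00 01 02, not FF D8 FF
    return root
```

Run `header_mismatches(build_sample_tree())` to list the one overwritten JPG; on a real system, point it at the user's Documents folder and watch the ratio rather than individual hits.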

The Trojan also uses an old-fashioned 'screen-locker' style of ransom note: a borderless pop-up window that blocks the user's desktop by keeping focus. The message, written in English beneath a prominent skull logo, asks for several hundred USD in Bitcoin in exchange for a decryption service that restores the victim's files, with somewhat unusual platforms for 'advertising' and negotiation, including both Instagram and YouTube. The crucial difference, however, is that the DaVinci Ransomware breaks with the usual practice of Ransomware-as-a-Service and other Trojan businesses and does not provide a legitimate decryptor after receiving payment.

The absence of a recovery service makes the DaVinci Ransomware fundamentally almost indistinguishable from a file-wiping Trojan, since the only difference between encrypting data and deleting or corrupting it is the availability of a decryption routine.

Outsmarting a Renaissance Inventor

The DaVinci Ransomware's wallet has prior connections to the WannaCryptor Ransomware campaigns and to a smaller threat named the Wikser Ransomware. With a current balance of almost four thousand USD, its threat actor is likely a long-term 'professional' at running file-locking Trojan campaigns, albeit one that provides no unlocking service. Malware experts advise particularly strongly against paying in this case and recommend non-local, secure backups for all Windows users' files of any value.

The DaVinci Ransomware terminates some Windows processes to maximize its access to media and blocks the Windows user interface while displaying its ransom note. To circumvent the latter, users can restart their PCs in Safe Mode or boot from a removable drive, such as an appropriately formatted USB stick. The infection methods of the DaVinci Ransomware's campaign remain under analysis but likely include e-mail attachment-based scams, torrents, and prominent browser threats such as the RIG Exploit Kit.

Users can reduce their exposure to attacks by following traditional security precautions such as using strong passwords, turning off JavaScript, and installing patches. The anti-malware products of most trustworthy companies should delete the DaVinci Ransomware before it attacks and may also disinfect PCs safely.

With one payment to its wallet this year, the DaVinci Ransomware is just starting to collect on bad-faith promises. A word of honor from a scam artist is worth exactly as much as a permanently encrypted file: nothing.
