
DCOM Ransomware

Posted: July 1, 2019

The DCOM Ransomware is a file-locker Trojan that takes your documents, pictures, and other media hostage with encryption. Users should rule out other restoration solutions for their work before considering the ransom option, which this Trojan demands through a text file. Many anti-malware products can delete the DCOM Ransomware automatically, and secure backups can give users a fallback solution for recovering.

A Trojan that's Keeping It Cool Around Your Digital Media

A file-locking Trojan whose ancestry is murky is trying its hand against the file-storing habits of random Windows users. This threat, the DCOM Ransomware, is being called out by security researchers who, typically, focus on Asian and Russian-based Trojans like the Scarab Ransomware and the STOP Ransomware families. While the DCOM Ransomware might not be a member of either of these groups, malware experts rate its modus operandi as the same.

The distribution exploits the DCOM Ransomware uses aren't known to malware experts, but they do see that the Trojan's installers lack the digital signatures that would imply a heavily socially-engineered fake identity. Its file information includes an 'unsweated7' string, along with the Indian and Pakistani surname Lakhani, which could be a clue to the regions it's infecting. However, its encryption-based payload is compatible with most versions of Windows.

The DCOM Ransomware encrypts files on the infected computer with an unknown algorithm and adds 'dcom' extensions to their names after blocking them this way. The payload includes a ransoming message with a TXT format and contents that are a shortened version of a text that malware researchers previously saw in both Amnesia 2 Ransomware and Globe Imposter 2.0 Ransomware. The DCOM Ransomware's variant of the instructions omits the Bitcoin reference, which could give the threat actor more bargaining room for 'selling' his file-unlocking help.
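The one concrete indicator the write-up gives for this payload is the 'dcom' extension appended to each encrypted file, with a TXT ransom note dropped alongside. The following triage helper is an added example for this article (not code from the page or from any vendor): it walks a file listing, separates locked files from TXT note candidates, recovers the original file names by stripping the appended extension, and gives a responder the per-directory counts needed before restoring from backup. The note's file name is not stated on the page, so any .txt file beside locked files is reported only as a candidate, and the sample listing is constructed.

```python
"""
Triage helper for a DCOM Ransomware-style incident: inventory files carrying
the appended 'dcom' extension, recover original names, and note directories
that also hold a TXT ransom-note candidate.

Added example, not code from the write-up. Assumptions (labelled): the note's
file name is unknown, so every .txt beside locked files is a *candidate*; the
listing in SAMPLE_LISTING is constructed, not from a real infection.
"""
from __future__ import annotations

import os
from collections import defaultdict
from dataclasses import dataclass, field

LOCKED_EXT = ".dcom"  # extension the write-up says is appended to encrypted files


@dataclass
class DirReport:
    locked: list[str] = field(default_factory=list)           # paths ending in .dcom
    originals: list[str] = field(default_factory=list)        # names with .dcom stripped
    note_candidates: list[str] = field(default_factory=list)  # .txt files alongside


def original_name(path: str) -> str:
    """Strip the appended extension: 'report.docx.dcom' -> 'report.docx'."""
    return path[: -len(LOCKED_EXT)] if path.lower().endswith(LOCKED_EXT) else path


def triage(paths: list[str]) -> dict[str, DirReport]:
    """Group a listing by directory, separating locked files from note candidates."""
    reports: dict[str, DirReport] = defaultdict(DirReport)
    for p in paths:
        d = os.path.dirname(p) or "."
        if p.lower().endswith(LOCKED_EXT):
            reports[d].locked.append(p)
            reports[d].originals.append(original_name(p))
        elif p.lower().endswith(".txt"):
            reports[d].note_candidates.append(p)
    # Only directories that actually contain locked files matter for the incident
    return {d: r for d, r in reports.items() if r.locked}


def walk_and_triage(root: str) -> dict[str, DirReport]:
    """Live variant: walk a real directory tree instead of a constructed listing."""
    paths = [os.path.join(dp, f) for dp, _, fs in os.walk(root) for f in fs]
    return triage(paths)


def summarize(reports: dict[str, DirReport]) -> dict[str, int]:
    """Counts a responder wants before deciding what to restore from backup."""
    return {
        "directories_hit": len(reports),
        "files_locked": sum(len(r.locked) for r in reports.values()),
        "dirs_with_note_candidate": sum(1 for r in reports.values() if r.note_candidates),
    }


# Constructed sample listing (not a real infection) so the script runs offline
SAMPLE_LISTING = [
    "C:/Users/alice/Documents/budget.xlsx.dcom",
    "C:/Users/alice/Documents/thesis.docx.dcom",
    "C:/Users/alice/Documents/HOW_TO_RECOVER.txt",  # placeholder note name (assumed)
    "C:/Users/alice/Pictures/holiday.jpg.dcom",
    "C:/Users/alice/Pictures/Thumbs.db",
    "C:/Windows/System32/drivers/etc/hosts",
    "C:/Users/alice/Desktop/readme.txt",  # a .txt with no locked files beside it
]

if __name__ == "__main__":
    result = triage(SAMPLE_LISTING)
    for directory, report in sorted(result.items()):
        print(f"{directory}: {len(report.locked)} locked, "
              f"originals={report.originals}, notes={report.note_candidates}")
    print(summarize(result))
```

Run it against a real volume with `walk_and_triage(r"C:\Users")`; the recovered original names are what you compare against the backup catalogue, and the note candidates are what you hand to a public decryption-identification service rather than the attacker.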

Armoring Your Computer against a File-Blocking Attack

The original name of the DCOM Ransomware's executable, 'lamellar,' refers to a form of plated armor and, like its other details, offers oblique hints about how it may be spreading to its victims. However, malware researchers are reasonably sure that it's using one of the following strategies:

  • Compromised, illicit downloads like torrents.
  • Fake updates for software like Flash or Java.
  • Direct attacks against servers with weak credentials or RDP settings.
  • Spam e-mails or phishing lures.

Until its relationship with other Trojan families is a matter of public record, decryption solutions for recovering your files are a theoretical and unreliable possibility. You can protect your media from the DCOM Ransomware's payload by keeping a secure backup, although testing public decryption services with copies of any 'locked' content is preferable to paying any ransom. Anti-malware products should delete the DCOM Ransomware appropriately, although malware researchers do see an unusual tendency for products to flag the Trojan incorrectly as Pony Stealer, a password thief.

At present, the DCOM Ransomware doesn't seem to collect credentials, but its confirmed attacks are harmful enough. With so much at stake against any errant Trojan, Windows users would be unwise to ignore the value of armoring their computer with both exhaustive backups and one or more anti-malware products.
