DCRTR Ransomware
Posted: February 12, 2018
Threat Metric
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 1 |
| First Seen: | March 20, 2024 |
| OS(es) Affected: | Windows |
The DCRTR Ransomware is a Trojan that locks your files and demands Bitcoins for restoring them to you. Its attacks include a variety of related anti-security features that also increase Windows' vulnerability to future infections and erase some forms of local backups. Malware analysts recommend keeping non-local backups, having anti-malware applications for blocking this threat on sight, and uninstalling the DCRTR Ransomware with the same programs when required.
A Payment for Your Files without Promises or Prices
Victims of another file-locking Trojan campaign are starting to provide samples and reports for analysis on Russian-based Web forums, showing once again that that nation no longer holds any particular immunity to threatening software attacks. The DCRTR Ransomware is a threat that malware researchers can't relate to other threats in the underground industry, for now, although its authors do use a preexisting, English-based ransom message with minor edits, such as the e-mail addresses.
The DCRTR Ransomware uses a multi-layered encryption method, basing its attacks on the AES, SHA, and RSA algorithms, for locking the user's local media. Examples of the content most likely to be blocked include pictures, documents, spreadsheets, archives, audio and databases. The Trojan adds both an extension ('.dcrtr') and a bracketed e-mail address to the end of every file's name. Last, it drops a Notepad text file that carries its general instructions on paying a non-specific amount of Bitcoins after negotiations.
The other features that malware researchers accentuate as security risks include:
- The DCRTR Ransomware has a feature that deletes the Shadow Volume Copies, which can eliminate any default Windows backups of your files.
- The DCRTR Ransomware disables the Windows Defender program, which leaves the OS at an increased risk of suffering further attacks.
- The DCRTR Ransomware modifies the boot-up policy so that Windows withholds the appropriate error messages, which can conceal the installation of threatening software.
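The three behaviours above are the ones a defender can look for in process-creation telemetry before the ransom note appears. The triage script below is an added example, not code from the original page or from any analysis of the DCRTR Ransomware; the page does not state which commands the Trojan runs, so the indicator patterns are assumptions based on how Windows ransomware commonly deletes shadow copies, tampers with Defender and changes the boot status policy, and the log lines are constructed.

```python
import re

# Assumed indicators, one group per behaviour listed above. The page does not
# say how DCRTR implements these, so the patterns reflect the usual Windows
# commands rather than anything observed in this Trojan.
INDICATORS = {
    "shadow_copy_deletion": [
        re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
        re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    ],
    "defender_disabled": [
        re.compile(r"Set-MpPreference\s+-Disable\w*", re.I),
        re.compile(r"reg(\.exe)?\s+add.*Windows Defender.*DisableAntiSpyware", re.I),
    ],
    "boot_policy_modified": [
        re.compile(r"bcdedit(\.exe)?.*bootstatuspolicy\s+ignoreallfailures", re.I),
        re.compile(r"bcdedit(\.exe)?.*recoveryenabled\s+no", re.I),
    ],
}


def classify(cmdline):
    """Return the set of behaviour labels a single command line matches."""
    return {label for label, pats in INDICATORS.items()
            if any(p.search(cmdline) for p in pats)}


def triage(log_lines):
    """Return (timestamp, sorted labels) for every log line that trips an indicator.

    Each line is assumed to be '<timestamp> <command line>'.
    """
    hits = []
    for line in log_lines:
        ts, _, cmd = line.partition(" ")
        labels = classify(cmd)
        if labels:
            hits.append((ts, sorted(labels)))
    return hits


# Constructed sample process-creation log (not real telemetry).
SAMPLE_LOG = [
    "2018-02-12T10:01:00 C:\\Windows\\explorer.exe",
    "2018-02-12T10:01:05 vssadmin.exe delete shadows /all /quiet",
    "2018-02-12T10:01:06 bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures",
    "2018-02-12T10:01:07 bcdedit.exe /set {default} recoveryenabled no",
    "2018-02-12T10:01:08 powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true",
    "2018-02-12T10:02:00 notepad.exe C:\\Users\\victim\\Desktop\\readme.txt",
]

if __name__ == "__main__":
    for ts, labels in triage(SAMPLE_LOG):
        print(ts, ",".join(labels))
```

Any single hit is worth an alert; the shadow-copy deletion in particular precedes encryption, which is the window in which the infection can still be stopped without data loss.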
Why a Russian Problem Also Endangers the Rest of the World's PCs
The data-locking method that the DCRTR Ransomware utilizes is one that malware researchers, unfortunately, rate as secure against free decryption attempts, for the time being. While the DCRTR Ransomware's infection vectors seem to focus on Russian-based Web content, its attacks are no less capable of damaging the files of PC users around the world, regardless of their local language settings. Without copies that the DCRTR Ransomware can't delete, such as cloud or USB backups, the files may be enciphered permanently and, therefore, unusable.
Threat actors can circulate file-locking Trojans through file-sharing networks, install them over your browser with the help of an exploit kit, or attach them, or their delivery vehicles, to an e-mail message. Because the DCRTR Ransomware's encryption efforts don't alert the victim while they're ongoing, blocking the Trojan at the outset is an important, baseline security consideration. Although this Trojan does disable the Windows Defender, other anti-malware and anti-virus products should delete the DCRTR Ransomware, unimpeded.
Evidence of the DCRTR Ransomware's existence dates back at least to January of the current year. Given how recent its development is, computer users everywhere should remind themselves that their files are still prominent targets of attacks by cybercrooks, regardless of where they live.