
DCRTR Ransomware

Posted: February 12, 2018

The DCRTR Ransomware is a Trojan that locks your files and demands Bitcoins for restoring them to you. Its attacks include a variety of related anti-security features that also increase Windows' vulnerability to future infections and erase some forms of local backups. Malware analysts recommend keeping non-local backups, having anti-malware applications for blocking this threat on sight, and uninstalling the DCRTR Ransomware with the same programs when required.

A Payment for Your Files without Promises or Prices

Victims of another file-locking Trojan campaign are providing samples and reports for analysis on Russian-language Web forums, showing once again that Russia no longer holds any particular immunity from threatening software attacks. Malware researchers can't yet link the DCRTR Ransomware to any other family in the ransomware underground, although its authors reuse a pre-existing, English-language ransom message with minor edits, such as the e-mail addresses.

The DCRTR Ransomware uses a multi-layered encryption method, basing its attacks on the AES, SHA, and RSA algorithms, for locking the user's local media. In the hybrid scheme typical of such Trojans, AES enciphers the file contents and RSA protects the AES key; SHA is a hash function rather than a cipher, so it can only play a supporting role such as key derivation or integrity checking. Examples of the content most likely to be blocked include pictures, documents, spreadsheets, archives, audio and databases. The Trojan adds both an extension ('.dcrtr') and a bracketed e-mail address to the end of every file's name. Last, it drops a text (Notepad) file that carries its general instructions on paying a non-specific amount of Bitcoins after negotiations with the attackers.
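The naming scheme above is enough to triage a listing from an infected machine: separate locked files from untouched ones, recover the original file names, and extract the contact address as an indicator. The following parser is an added example and is not code from the page or from the Trojan; it assumes the '.dcrtr' extension and the bracketed e-mail may appear in either order (the page does not state the order), and every file name and e-mail address in it is constructed, not an observed indicator.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# A bracketed e-mail address, e.g. "[contact@example.com]" (constructed form).
_EMAIL = r"\[(?P<email>[^\[\]\s@]+@[^\[\]\s@]+)\]"

# Assumption: the page says both markers are appended but not in which order,
# so accept "name.ext.[mail].dcrtr" as well as "name.ext.dcrtr.[mail]".
_PATTERNS = [
    re.compile(r"^(?P<orig>.+?)\." + _EMAIL + r"\.dcrtr$", re.IGNORECASE),
    re.compile(r"^(?P<orig>.+?)\.dcrtr\." + _EMAIL + r"$", re.IGNORECASE),
]


class LockedFile(NamedTuple):
    name: str            # file name as found on disk
    original_name: str   # name before the Trojan renamed it
    contact_email: str   # attacker contact address, lower-cased for de-duplication


def parse_locked_name(name: str) -> Optional[LockedFile]:
    """Return a LockedFile if the name matches the DCRTR pattern, else None."""
    for pattern in _PATTERNS:
        m = pattern.match(name)
        if m:
            return LockedFile(name, m.group("orig"), m.group("email").lower())
    return None


def triage(listing: List[str]) -> Tuple[List[LockedFile], List[str], List[str]]:
    """Split a directory listing into (locked files, untouched files, contact e-mails)."""
    locked, untouched, emails = [], [], set()
    for name in listing:
        hit = parse_locked_name(name)
        if hit is None:
            untouched.append(name)
        else:
            locked.append(hit)
            emails.add(hit.contact_email)
    return locked, untouched, sorted(emails)


# Constructed sample listing; the ransom-note name is a placeholder, not the real one.
SAMPLE_LISTING = [
    "budget.xlsx.[decrypt@example.com].dcrtr",
    "family.jpg.[decrypt@example.com].dcrtr",
    "notes.txt",
    "db.sqlite.dcrtr.[DECRYPT@example.com]",
    "ReadMe.txt",
]

if __name__ == "__main__":
    locked, untouched, emails = triage(SAMPLE_LISTING)
    for f in locked:
        print(f"{f.name} -> {f.original_name}")
    print("untouched:", untouched)
    print("contact addresses:", emails)
```

The recovered original names are what you would rename restored copies back to after pulling them from an off-line backup; the e-mail list is the indicator worth adding to mail-gateway and endpoint watchlists.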

The other features that malware researchers flag as security risks include:

  • The DCRTR Ransomware deletes the Shadow Volume Copies, which eliminates the default Windows backups of your files (the copies that System Restore and the 'Previous Versions' feature rely on).
  • The DCRTR Ransomware disables Windows Defender, which leaves the OS at an increased risk of suffering further attacks.
  • The DCRTR Ransomware modifies the boot-up policy so that startup failures no longer present the appropriate error messages, which can conceal the installation of threatening software.
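Each of the three behaviours in the list is a noisy process-creation event, and seeing two or more of them from the same parent process in a short window is a stronger signal than any one alone. The detection below is an added example, not code from the page: it runs simple rules over constructed process-creation events in the shape of Sysmon Event ID 1 / Security 4688 logs (the log source is an assumption). The command lines are the ways ransomware families commonly delete shadow copies, disable Defender and change the boot status policy; the page does not say which exact commands DCRTR issues, so treat them as illustrative rather than as this Trojan's indicators.

```python
import re
from typing import Dict, List, Tuple

# Constructed process-creation events (not observed from the DCRTR sample).
SAMPLE_EVENTS = [
    {"pid": 4120, "parent": "C:\\Users\\user\\AppData\\Local\\Temp\\update.exe",
     "cmdline": "vssadmin delete shadows /all /quiet"},
    {"pid": 4124, "parent": "C:\\Users\\user\\AppData\\Local\\Temp\\update.exe",
     "cmdline": "powershell -nop -w hidden Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"pid": 4126, "parent": "C:\\Users\\user\\AppData\\Local\\Temp\\update.exe",
     "cmdline": "reg add \"HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\" "
                "/v DisableAntiSpyware /t REG_DWORD /d 1 /f"},
    {"pid": 4130, "parent": "C:\\Users\\user\\AppData\\Local\\Temp\\update.exe",
     "cmdline": "bcdedit /set {default} bootstatuspolicy ignoreallfailures"},
    {"pid": 4131, "parent": "C:\\Users\\user\\AppData\\Local\\Temp\\update.exe",
     "cmdline": "bcdedit /set {default} recoveryenabled no"},
    # Benign noise: an editor launch and an admin merely listing shadow copies.
    {"pid": 4200, "parent": "C:\\Windows\\explorer.exe",
     "cmdline": "notepad.exe C:\\Users\\user\\Desktop\\todo.txt"},
    {"pid": 4210, "parent": "C:\\Windows\\System32\\svchost.exe",
     "cmdline": "vssadmin list shadows"},
]

# (category, pattern) pairs; categories map to the three behaviours described above.
RULES = [
    ("shadow_copy_deletion",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I)),
    ("shadow_copy_deletion",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("defender_tampering",
     re.compile(r"Set-MpPreference\b.*-Disable\w+\s+\$?true", re.I)),
    ("defender_tampering",
     re.compile(r"\breg(\.exe)?\b.*\\Windows Defender\b.*\bDisableAntiSpyware\b", re.I)),
    ("boot_policy_tampering",
     re.compile(r"\bbcdedit(\.exe)?\b.*\b(bootstatuspolicy\s+ignoreallfailures|recoveryenabled\s+no)\b", re.I)),
]


def classify(event: Dict) -> List[str]:
    """Return the distinct rule categories matched by one event's command line."""
    hits: List[str] = []
    for category, pattern in RULES:
        if category not in hits and pattern.search(event["cmdline"]):
            hits.append(category)
    return hits


def detect(events: List[Dict]) -> Tuple[List[Dict], List[str]]:
    """Return (per-event findings, parents that triggered two or more categories).

    A single 'vssadmin delete shadows' may be an administrator reclaiming disk
    space; one parent process doing that AND disabling Defender or the boot
    status policy is the ransomware-shaped combination worth paging on.
    """
    findings: List[Dict] = []
    categories_by_parent: Dict[str, set] = {}
    for event in events:
        for category in classify(event):
            findings.append({"pid": event["pid"], "category": category,
                             "cmdline": event["cmdline"]})
            categories_by_parent.setdefault(event["parent"], set()).add(category)
    correlated = [parent for parent, cats in categories_by_parent.items() if len(cats) >= 2]
    return findings, correlated


if __name__ == "__main__":
    findings, correlated = detect(SAMPLE_EVENTS)
    for f in findings:
        print(f"pid {f['pid']}: {f['category']}: {f['cmdline']}")
    print("parents with multiple anti-recovery behaviours:", correlated)
```

In production the same rules belong in the EDR or SIEM rather than a script, and the parent-process correlation should be bounded by a time window; the point of the example is that the behaviours the page lists are cheap to detect individually and decisive in combination.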

Why a Russian Problem Also Endangers the Rest of the World's PCs

Malware researchers currently rate the data-locking method that the DCRTR Ransomware utilizes as secure against free decryption attempts, unfortunately. While the DCRTR Ransomware's infection vectors seem to focus on Russian-language Web content, its attacks are no less capable of damaging the files of PC users around the world, regardless of their local language settings. Without backups that the DCRTR Ransomware can't reach and delete, such as cloud storage or a USB drive that stays disconnected between backups, the files may be enciphered permanently and, therefore, unusable.

Threat actors can circulate file-locking Trojans through file-sharing networks, install them through your browser with the help of an exploit kit, or attach them, or their delivery vehicles, to an e-mail message. Because the DCRTR Ransomware's encryption doesn't alert the victim while it's ongoing, blocking the Trojan at the outset is an important, baseline security consideration. Although this Trojan disables Windows Defender, other anti-malware and anti-virus products should delete the DCRTR Ransomware unimpeded.

The earliest evidence of the DCRTR Ransomware's existence dates to January 2018. With the recent dating of its development in mind, computer users everywhere should remind themselves that their files are still prominent targets of attacks by cybercrooks, regardless of where they live.
