DCRTR-WDM Ransomware

Posted: November 6, 2018

The DCRTR-WDM Ransomware is a file-locker Trojan from the DCRTR Ransomware family. These Trojans may block security features, wipe the System Restore Points, lock your files with data encryption and create ransom demands in text messages. Keep backups available so that you can repair any damage without paying a ransom for the decryptor, and use anti-malware products to protect the PC by deleting the DCRTR-WDM Ransomware immediately.

A Fake Security Program is the Next RaaS

The Russian Ransomware-as-a-Service family of the DCRTR Ransomware, while small relative to ones like the Scarab Ransomware or the Globe Ransomware, remains reasonably competitive among small-scale threat actors that want to lock files in return for ransoms. The castor-troy-restore@protonmail.com Ransomware variant of this family is being joined by the much newer DCRTR-WDM Ransomware, which contains a different ransom note and a much better-developed Web support experience.

The DCRTR-WDM Ransomware may either gain access to PCs or disguise itself after the fact with a filename that poses as a component of the Windows Defender Monitor. The Windows-based Trojan then locks your media files with AES encryption and adds '.crypt' extensions to their names. As with other members of the family, there is no free decryption service for unlocking these files.

Malware researchers also warn that the DCRTR-WDM Ransomware still includes several other attacks that could harm your PC's security in ways not directly related to the locking of its media. These include editing the boot policy to remove error messages, disabling other software (including the real version of Windows Defender), and erasing the Windows Restore Points or the Shadow Volume Copies.
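The behaviors described above (the '.crypt' renames and the tampering with the boot policy, Windows Defender and the Shadow Volume Copies) can be hunted for in endpoint telemetry. The following is an added example, not code from this article or from any vendor: the event fields and sample records are constructed, and the command-line patterns are assumptions, since the article names the behaviors but not the commands used.

```python
import re
from collections import defaultdict

# Assumed patterns: the article names the behaviors, not the commands. These
# match the built-in Windows tools that control the same features.
RECOVERY_TAMPERING = {
    "shadow_copy_deletion": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "boot_policy_change": re.compile(
        r"bcdedit(\.exe)?\s+/set\b.*\b(bootstatuspolicy|recoveryenabled)\b", re.I),
    "defender_disabled": re.compile(
        r"Set-MpPreference\b.*-DisableRealtimeMonitoring\s+(\$true|1)\b", re.I),
}

def flag_recovery_tampering(process_events):
    """Return (pid, behavior) for every command line matching a pattern."""
    return [(ev["pid"], name) for ev in process_events
            for name, rx in RECOVERY_TAMPERING.items() if rx.search(ev["cmdline"])]

def crypt_rename_bursts(file_events, threshold=3, window=10):
    """Return PIDs that renamed >= threshold files to '.crypt' within `window` seconds."""
    times = defaultdict(list)
    for ev in file_events:
        if ev["new_path"].lower().endswith(".crypt"):
            times[ev["pid"]].append(ev["ts"])
    bursts = set()
    for pid, ts in times.items():
        ts.sort()
        # Sliding window over sorted timestamps; an empty range means too few renames.
        if any(ts[i + threshold - 1] - ts[i] <= window
               for i in range(len(ts) - threshold + 1)):
            bursts.add(pid)
    return bursts

# Constructed sample telemetry (not taken from a real incident).
PROCESS_EVENTS = [
    {"pid": 4120, "cmdline": r"C:\Windows\System32\vssadmin.exe delete shadows /all /quiet"},
    {"pid": 4120, "cmdline": "bcdedit /set {default} bootstatuspolicy ignoreallfailures"},
    {"pid": 812, "cmdline": "vssadmin list shadows"},  # read-only query, must not match
    {"pid": 4120, "cmdline": "powershell Set-MpPreference -DisableRealtimeMonitoring $true"},
]
FILE_EVENTS = [
    {"pid": 4120, "ts": 100, "new_path": r"C:\Users\a\Pictures\1.jpg.crypt"},
    {"pid": 4120, "ts": 102, "new_path": r"C:\Users\a\Pictures\2.jpg.crypt"},
    {"pid": 4120, "ts": 105, "new_path": r"C:\Users\a\Music\song.mp3.crypt"},
    {"pid": 812, "ts": 101, "new_path": r"C:\Users\a\Desktop\notes.crypt"},  # lone rename
    {"pid": 812, "ts": 300, "new_path": r"C:\Users\a\Desktop\report.docx"},
]
```

A process ID that appears in both results is the strongest signal, because recovery tampering followed by a burst of '.crypt' renames matches the sequence the article describes.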

Trojan Upgrades that No One Wants to See

The threat actors operating the DCRTR-WDM Ransomware's campaign are giving it a little more 'customer support' than the average RaaS Trojan has. The DCRTR-WDM Ransomware, unlike previous threats from this family, boasts a significant Web-based interface for handling how its victims pay their ransoms for, theoretically, buying the decryption solution. Secure backups are a preferable alternative to this option, however, since the DCRTR-WDM Ransomware demands Bitcoin payments that aren't refundable without the threat actors agreeing.

The origin of the DCRTR-WDM Ransomware's software and Ransomware-as-a-Service operation is Russian, but malware researchers are seeing no activity suggesting that the Trojan's attacks are limited to that nation. Windows users around the world should be alert to all of the usual infection strategies that file-locker Trojans may abuse, such as brute-force attacks against server admins, torrents, and spam e-mails. In a best-case scenario, your anti-malware products should block the DCRTR-WDM Ransomware and quarantine or uninstall it before the encryption routine locks your files.

No victims have paid into the DCRTR-WDM Ransomware's ransom collection, as of early November. One can hope that this state of affairs will persist and keep its authors from managing further attacks involving the sabotaging of media for quick coins.