
DCry Ransomware

Posted: July 10, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 63
First Seen: July 10, 2017
OS(es) Affected: Windows

The DCry Ransomware is a Trojan that locks your files by encrypting them and then asks you to contact a threat actor's e-mail address for help, which is usually offered in exchange for a cryptocurrency ransom. Paying for a decryption service often works against the victims trying to restore their files, and local backups may also be affected, which makes non-local backups the best protection you can give your data. Because this threat has no self-distributing features, its presence may point to other Trojans on the system, and users should always remove the DCry Ransomware with thorough anti-malware scans.

One Trojan Advertises for Another One Inadvertently

Once a particular brand in the threat industry achieves any newsworthy success, numerous imitators and derivatives usually follow it. While these threats may use the same name as the original, they often are unrelated to it beyond showing the same superficial symptoms. For instance, one of the families most frequently copied of late, the WannaCryptor Ransomware, now has its name 'borrowed' by the DCry Ransomware, which doesn't seem to be a direct descendant of that Trojan.

Evidence of the DCry Ransomware's real family, if any, has yet to be verified by malware researchers, who do, however, note that the Trojan includes Shadow Copy-erasing features similar to Hidden Tear's and ransom notes reminiscent of many other campaigns. The DCry Ransomware's main feature remains its ability to target and encrypt files with a custom algorithm, effectively locking the user out of content such as documents or pictures. It also appends a '.dcry' extension to the name of every file it blocks.

Unlike most Trojans conducting data-ransoming attacks, the DCry Ransomware uses TOR-based C&C features without tying any of that functionality into the payment process. Its text messages ask nothing more of the reader than to contact the threat actor's e-mail address for decryption assistance, possibly to leave the attacker room to set variable prices or transaction methods. Readers might remember the Batman_good@aol.com Ransomware using similar methods to take its money without providing a file-unlocking solution in return.

Keeping Cheap Copies of Trojans from Posing Authentic Problems

While the DCry Ransomware may not be a direct relation of the WannaCryptor Ransomware or the '.wcry File Extension' Ransomware, this absence of family ties doesn't make the Trojan much less threatening than the ones whose brand it borrows for recognition. The DCry Ransomware removes Windows' default backups (the Shadow Copies) while locking your files and may also include network-accessible drives in its encryption attacks. To eliminate the risk of this Trojan gaining any access to your digital content, malware experts recommend saving backups to protected cloud services or to storage devices that you keep disconnected when not in use.
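The two behaviours described above (Shadow Copy deletion followed by files renamed with a '.dcry' suffix, possibly on network shares) are the signals a defender can look for. The following is an added detection example, not code from this page or from any vendor; the log lines and file listing are constructed, and the shadow-copy-deletion command-line patterns are an assumption, since the page says only that the Trojan erases Shadow Copies in the manner of Hidden Tear, not which command it runs.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Process-creation log lines, constructed for this example (not real telemetry).
SAMPLE_PROCESS_LOG = [
    "2017-07-10T09:12:01 pid=4120 user=alice cmd=C:\\Windows\\explorer.exe",
    "2017-07-10T09:12:07 pid=4388 user=alice cmd=vssadmin.exe delete shadows /all /quiet",
    "2017-07-10T09:12:09 pid=4390 user=alice cmd=wmic shadowcopy delete",
    "2017-07-10T09:15:00 pid=4400 user=alice cmd=notepad.exe C:\\Users\\alice\\readme.txt",
]
# File listing after the incident, also constructed; '.dcry' is the marker the page describes.
SAMPLE_FILE_LISTING = [
    r"C:\Users\alice\Documents\budget.xlsx.dcry",
    r"C:\Users\alice\Pictures\holiday.jpg.dcry",
    r"C:\Users\alice\Documents\notes.txt",
    r"\\fileserver\share\contracts\q2.docx.dcry",
]
# Command lines that destroy Volume Shadow Copies. Assumed patterns: the page says only that
# the Trojan erases Shadow Copies like Hidden Tear, not which command it runs.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
]

def find_shadow_copy_deletions(log_lines):
    """Return the log lines whose command line matches a shadow-copy-deletion pattern."""
    hits = []
    for line in log_lines:
        cmd = line.split("cmd=", 1)[-1]
        if any(p.search(cmd) for p in SHADOW_DELETE_PATTERNS):
            hits.append(line)
    return hits

def find_dcry_files(paths, marker=".dcry"):
    """Count files carrying the ransomware extension per directory (UNC paths included)."""
    by_dir = Counter()
    for p in paths:
        if p.lower().endswith(marker):
            by_dir[str(PureWindowsPath(p).parent)] += 1
    return dict(by_dir)

def assess(log_lines, paths):
    """Backup destruction plus renamed files together is the DCry pattern; either alone is weaker."""
    deletions = find_shadow_copy_deletions(log_lines)
    encrypted = find_dcry_files(paths)
    return {"shadow_copy_deletions": len(deletions),
            "encrypted_dirs": encrypted,
            "network_shares_hit": any(d.startswith("\\\\") for d in encrypted),
            "dcry_like": bool(deletions) and bool(encrypted)}
```

Running assess() over the constructed samples flags both signals and shows that a network share was hit, which is exactly the case where a disconnected or cloud backup is the only copy left intact.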

The installation exploits that the DCry Ransomware's campaign uses are still under analysis, although some combination of spam e-mails and corrupted website content (such as the RIG Exploit Kit) is probably the current infection vector. You can protect your browser from Trojan-downloading threats of these types by blocking scripts, avoiding opening suspicious documents, and letting your anti-malware products detect corrupted URLs and drive-by-download attempts automatically. If active, the latter should remove the DCry Ransomware before it can lock your files.

The DCry Ransomware is part of a long string of efforts by various con artists to copy the success of a Trojan family without having the code to make any real variants. A Trojan's name often has little or no bearing on what it actually is, and it is the code, not the name, that determines which decryption solutions, if any, are compatible with your imprisoned media.
