
Decrypme Ransomware

Posted: November 1, 2019

The Decrypme Ransomware is a variant of the file-locking Trojan, MedusaLocker Ransomware. Besides having different addresses, malware researchers find few differences between these threats, and the Decrypme Ransomware remains capable of blocking files through encryption. Have your anti-malware programs remove the Decrypme Ransomware as soon as possible and recover from backups as necessary.

The Return of a Petrifying Threat

The Trojan that takes its name from the Greek mythological beast with the petrifying gaze is getting a new version, although the update is only a minor one. The Decrypme Ransomware is a brand-new variant of the MedusaLocker Ransomware, with its contact addresses changed, either to compensate for locked user accounts or to accommodate a new administrator. As such, the Decrypme Ransomware carries all the dangers of its progenitor, including, sadly, secure encryption.

The Decrypme Ransomware targets Windows environments with one of the most archetypal choices for locking files, AES backed up by RSA-2048. Through this encryption method, it securely blocks files such as text documents or pictures, while also adding an extension ('decrypme,' which is new to this variant) to the files' names. This attack is the Decrypme Ransomware's leverage for extorting money through the messages it drops for the victim.

Malware researchers also find that the Decrypme Ransomware should be capable of conducting supporting attacks that modify or erase data without the user's consent. The most significant of these features is the Decrypme Ransomware's wiping of the Shadow Volume Copies, a behavior that it shares with most of the more notable families, like the Globe Ransomware or the Scarab Ransomware. The Decrypme Ransomware also disables other Windows recovery options and suppresses any boot-up errors.
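The three recovery-inhibiting behaviors just described (shadow copy wiping, disabling Windows recovery, suppressing boot errors) are the signals a defender can hunt for in process-creation telemetry. The following is an added detection example, not code from this page or from the Trojan itself; the sample events are constructed, and the specific command lines are the documented Windows utilities that typically produce these effects, which is an assumption about what the Decrypme Ransomware actually runs.

```python
import re

# Constructed sample process-creation events (Sysmon Event ID 1 style), not
# telemetry from a Decrypme Ransomware infection. The command lines are the
# standard Windows utilities that map to the behaviors described above; the
# exact strings the Trojan executes are an assumption, not taken from the page.
SAMPLE_EVENTS = [
    {"pid": 4120, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmd": "vssadmin.exe delete shadows /all /quiet"},
    {"pid": 4121, "image": r"C:\Windows\System32\bcdedit.exe",
     "cmd": "bcdedit /set {default} recoveryenabled no"},
    {"pid": 4122, "image": r"C:\Windows\System32\bcdedit.exe",
     "cmd": "bcdedit /set {default} bootstatuspolicy ignoreallfailures"},
    {"pid": 4123, "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmd": "wmic shadowcopy delete"},
    {"pid": 4124, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmd": "vssadmin list shadows"},   # benign: lists, does not delete
    {"pid": 4125, "image": r"C:\Program Files\Editor\editor.exe",
     "cmd": "editor.exe C:\\Users\\a\\notes.txt"},
]

# Each rule: (behavior label, regex applied to the lowercased command line).
RULES = [
    ("shadow_copy_wipe", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows")),
    ("shadow_copy_wipe", re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete")),
    ("recovery_disabled",
     re.compile(r"bcdedit(\.exe)?\s+/set\s+\S+\s+recoveryenabled\s+no")),
    ("boot_error_suppressed",
     re.compile(r"bcdedit(\.exe)?\s+/set\s+\S+\s+bootstatuspolicy\s+ignoreallfailures")),
]

def classify(cmd: str) -> set:
    """Return the recovery-inhibiting behaviors a command line matches (empty if none)."""
    normalized = " ".join(cmd.lower().split())  # collapse whitespace, ignore case
    return {label for label, rx in RULES if rx.search(normalized)}

def scan(events):
    """Yield (pid, label) for every event whose command line matches a rule."""
    for ev in events:
        for label in sorted(classify(ev["cmd"])):
            yield ev["pid"], label

def recovery_inhibit_score(events) -> int:
    """Count distinct recovery-inhibiting behaviors in one batch of events.
    Two or more together is the ransomware-like pattern worth alerting on; a
    lone vssadmin call can be legitimate administration."""
    return len({label for _, label in scan(events)})

if __name__ == "__main__":
    for pid, label in scan(SAMPLE_EVENTS):
        print(f"pid={pid} {label}")
    print("distinct behaviors:", recovery_inhibit_score(SAMPLE_EVENTS))
```

In practice the rules would be fed from EDR or Sysmon process-creation logs, and the score evaluated per host over a short time window rather than over a static list.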

A Satisfying Ending to a Myth Come Back to Life

The Decrypme Ransomware bears the same ransom note as the original MedusaLocker Ransomware – a Web page with an iconic image of a medieval plague doctor, along with the ransom text. Since the threat actor has changed nothing other than the addresses, including leaving all typos intact, this symptom provides no clues concerning his or her nationality and other characteristics. While the Decrypme Ransomware is Windows-based, any nation might be at risk from its campaign, along with any user of popular formats like PDF or Word docs, server databases or JPG pictures.

Because there isn't a decryptor capable of undoing the Decrypme Ransomware's encryption, unlocking files isn't possible without taking the risk of paying the Trojan's ransom. Instead of potentially wasting money, malware researchers encourage saving one's backups to places that a Trojan can't reach and recovering for free after disinfecting the computer.

Anti-malware programs from most vendors will find and remove the Decrypme Ransomware, just like the earlier MedusaLocker Ransomware, which has little in the way of anti-detection features.

A copy-pasted problem like the Decrypme Ransomware may lack originality, but it still is another danger to avoid on the Internet. Users who download files from the wrong places or forget the importance of network security practices will end up impoverished for doing so, and money is often the least essential price that they pay.
