Home Malware Programs Ransomware DecYourData Ransomware

DecYourData Ransomware

Posted: December 27, 2019

The DecYourData Ransomware is a file-locking Trojan without connections to any free or Ransomware-as-a-Service family. Infections can create symptoms including, most importantly, 'locked' files, as well as changed extensions and ransom notes in Notepad format. Qualified anti-malware services should delete the DecYourData Ransomware on sight, and secure, non-local backups are a preferable recovery solution for your data.

A Lone Extortionist Appears

A substantial majority of file-locking Trojans throughout the years come from previously-established groups, which can be 'free' sources like GitHub or Hidden Tear, or 'premium' alternatives like the Scarab Ransomware Ransomware-as-a-Service. Sometimes, though, an independent contender leaves its mark, such as the DecYourData Ransomware. This file-locking Trojan isn't a variant of any previous one, but its symptoms and behavior are using the norms already established by thousands of others.

The DecYourData Ransomware is a Windows-based threat that uses AES encryption – the most popular choice among file-locker Trojans around the world. This encryption routine lets the DecYourData Ransomware 'lock' files, most typically, including documents, pictures, and music, among other media. The DecYourData Ransomware also inserts an extension into their names after the locking attack. It uses an exceptionally long string that includes a bracketed ID, an e-mail address, and the 'all-files-encrypted' line at the end.

The previous extension is, in fact, nearly more protracted than the ransom note that the DecYourData Ransomware creates, which includes very little information. The threat actor provides an e-mail address and requests negotiation with victims providing the custom ID, without giving any 'free samples,' ransom price points, or other details. Victims of any attacks should remember that not all criminals provide decryption help in good faith whether or not they get their payments.

Decrypting Your Data Your Way

The first of the DecYourData Ransomware's verifiable attacks out in the wild are confirmable as of December 2019, which makes the DecYourData Ransomware much younger than most of its competition. However, failsafe measures for mitigating any encryption damage are consistent for file-locking Trojans of most types. Users should emphasize appropriate backup security and storage choices for letting them recover any files without paying, and avoid putting too much trust in 'default' recovery options like the Windows Restore Points.

Distribution exploits for the DecYourData Ransomware's campaign are speculative, and malware analysts require more samples and information for confirming how the Trojan is getting propagated. File-locking Trojans may use flexible infection tactics that can include fake e-mail attachments or torrents, as well as manual attacks targeting servers through brute force. Administrators should use strong passwords and limit privileges appropriately, while all users should be careful about interactions with newly-downloaded files.

A good backup and security application should take care of the DecYourData Ransomware campaign quickly, but ransoms don't come off of the backs of the well-prepared. Forethought is the one thing that sets apart the safe from the victimized in a file-locking Trojan attack, and everyone should invest in it.

Loading...