
Desu Ransomware

Posted: July 23, 2018

The Desu Ransomware is a variation of the Aurora Ransomware, a file-locking Trojan. Its infections may cause your files to stop opening, create ransoming messages demanding money or negotiations for a file-unlocking service, or hijack the PC's startup routine. Backups of your work can keep it from being placed in an encryption-based hostage situation, and most anti-malware programs should delete the Desu Ransomware after identifying it as a threat.

File Blockades with a Side of Boot-Up-Hijackings

The Aurora Ransomware file-locking Trojan, a small family of fewer than a dozen significant variants, is displaying another build with more invasive features than most Trojans of this type. The Desu Ransomware (with 'desu' being a Japanese linking verb popularized in English 'meme' subculture) uses some of the classic elements of a file-ransoming attack but also adds one that's rarer than usual: taking over the MBR, or Master Boot Record. Ironically, the new feature keeps victims from interacting with, or even identifying, the earlier ones.

Besides the semi-counterproductive payload, the Desu Ransomware's file-locking feature is just as functional as that of other releases from the Aurora Ransomware's family, like the Oktropys@protonmail.com Ransomware or the AnimusLocker Ransomware. It uses DES or AES encryption for blocking documents, pictures, and other non-essential media files, and appends '.desu' extensions to their names. Despite these symptoms, the Desu Ransomware is not a relative of the open-source 'DesuCrypt' project. Malware researchers also find the Desu Ransomware infections dropping standard ransoming messages, in TXT format, on the PC, which ask for a two-hundred-dollar Bitcoin purchase of the threat actor's decryption solution.

What other versions of the Aurora Ransomware lack is the Desu Ransomware's use of an MBR-hijacking function. Upon a reboot, Windows ceases loading and, instead, the screen displays a second ransoming message that redirects the victims to an e-mail address for the ransoming negotiations. Because this brings the startup process to a permanent halt, the users can no longer read the previous Notepad messages or search the file system to identify what the Trojan is locking.
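As an added, defender-side illustration (not code from this page or from any analysis of the sample), the Python below covers the two symptoms described above: it inventories '.desu'-renamed files and TXT notes in a directory tree, and it sanity-checks a 512-byte MBR image against its boot signature, its partition-table boot indicators and a hash baseline recorded while the machine was clean. The directory contents and MBR images are constructed samples; the structural checks are generic MBR heuristics, not signatures specific to this family.

```python
import hashlib
import os
import tempfile

DESU_EXT = ".desu"
MBR_SIZE = 512
MBR_SIGNATURE = b"\x55\xaa"

def find_desu_artifacts(root):
    """Walk a tree; return files with the '.desu' extension and .txt files
    beside them (candidate ransom notes the family drops)."""
    locked, notes = [], []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(DESU_EXT):
                locked.append(path)
            elif name.lower().endswith(".txt"):
                notes.append(path)
    return locked, notes

def mbr_fingerprint(mbr):
    """SHA-256 of a 512-byte MBR image, recorded while the machine is known clean."""
    return hashlib.sha256(mbr).hexdigest()

def mbr_looks_intact(mbr, known_good_sha256=None):
    """Sanity-check an MBR image: right size, 0x55AA boot signature, plausible
    partition boot indicators, and (if given) a hash match against the baseline."""
    if len(mbr) != MBR_SIZE or mbr[510:512] != MBR_SIGNATURE:
        return False
    for i in range(4):  # heuristic: boot indicator is 0x00 (inactive) or 0x80 (active)
        if mbr[446 + 16 * i] not in (0x00, 0x80):
            return False
    if known_good_sha256 is not None and mbr_fingerprint(mbr) != known_good_sha256:
        return False
    return True

def build_sample_mbr(bootstrap_byte):
    """Constructed MBR image: filler bootstrap code, one active partition, signature."""
    boot_code = bytes([bootstrap_byte]) * 446
    table = bytes([0x80]) + b"\x00" * 15 + b"\x00" * 48  # active entry + 3 empty entries
    return boot_code + table + MBR_SIGNATURE

def build_sample_tree():
    """Constructed directory mimicking an infection: locked files plus a TXT note."""
    root = tempfile.mkdtemp()
    for name in ("report.docx" + DESU_EXT, "photo.jpg" + DESU_EXT, "README.txt", "clean.pdf"):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"constructed sample content")
    return root
```

On a live system the 512-byte image would be read from the raw disk device with administrator rights, and the baseline hash recorded before any compromise; a changed bootstrap area with an otherwise valid layout is exactly the case the hash comparison catches.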

Keeping Cultural Jokes Away from Your Things

The memetic nature of the Desu Ransomware's campaign brand has little relevance to its choice of victims; for now, its threat actor only provides ransoming instructions for English speakers. Malware experts can't determine which infection vectors, if any, are active for this threat as of late July. It's also unclear why the Desu Ransomware includes self-defeating and redundant features, although it could be a mark of its historical development from a previous Trojan whose ransoming components were complete before this version's fork.

Scanning possible infection sources, such as e-mail downloads, with your security software can prevent threat actors from compromising your PC and locking its files through any traditional tactics and exploits, such as Word macros. Using conventionally secure backup strategies, such as a removable drive, also is valuable for preserving your files. Infected PCs should be rebooted from an appropriate recovery device to re-enable the user's access to the Windows OS and let an anti-malware product uninstall the Desu Ransomware.

The Desu Ransomware puts twice as much work into its ransoming messages as its threat actor needed for profiting, but that oddity doesn't handicap its danger to your files. A file-locking Trojan that does even more than block your media is something that everyone should take seriously.
