
Dever Ransomware

Posted: January 7, 2020

The Dever Ransomware is a file-locking Trojan that can stop documents and similar media from opening. The Dever Ransomware belongs to the Phobos Ransomware family, whose encryption is currently secure against third-party recovery attempts. Appropriate file protection consists of a protected, offsite backup and anti-malware tools for removing the Dever Ransomware as soon as it appears.

Residential Businesses Getting into the Extortion Business

The Phobos Ransomware is a long-running family of file-locking Trojans, represented by variants such as the Adage Ransomware, the Barak Ransomware, the Calum Ransomware, and the 'fobosamerika@protonmail.ch' Ransomware. In its first release for 2020, the Dever Ransomware operates under the same model: it blocks the victim's content and waits for ransom deposits. The only real oddity in the Dever Ransomware lies in its choice of contact address, which could be a reference to a Floridian business.

The Dever Ransomware is currently out in the wild, extorting money from victims whose identities are undisclosed; such victims often include government networks, vulnerable businesses or NGOs. Besides a secure encryption mechanism for 'locking' each document and other pieces of media, the Dever Ransomware also inserts an e-mail address, an ID string, and the 'Dever' extension into each filename. This formatting is typical of most standard versions of the Phobos Ransomware.
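The filename change described above is the first thing a responder sees on an affected share, so a small triage script that recognises the pattern is useful. The following is an added example, not code from the article or from any Dever sample: it assumes the usual Phobos-family layout of `original.ext.id[XXXXXXXX-NNNN].[address].Dever`, where the exact bracket and ID format is an assumption and only the e-mail, ID string and 'Dever' extension come from the article. All filenames, the victim ID and the contact address in the sample listing are constructed.

```python
import re
from collections import Counter

# Assumed layout (an assumption, not taken from the article): Phobos-family
# variants typically turn "report.docx" into
# "report.docx.id[A1B2C3D4-2275].[mail@example.com].Dever".
# Only the ".Dever" extension, the e-mail and the ID string come from the article;
# the bracket/ordering details may need tuning against real samples.
LOCKED_NAME = re.compile(
    r"""^(?P<original>.+?)                          # original name incl. extension
        \.id\[(?P<victim_id>[0-9A-Fa-f]{8}-\d{4})\]   # per-victim ID string
        \.\[(?P<email>[^\]\s]+@[^\]\s]+)\]            # attacker contact address
        \.Dever$""",                                  # family-specific extension
    re.VERBOSE,
)


def parse_locked_name(name: str):
    """Return the fields embedded in a locked filename, or None if it does not match."""
    m = LOCKED_NAME.match(name)
    return m.groupdict() if m else None


def triage(listing):
    """Split a directory listing into locked/untouched files and summarise what was seen.

    The summary is what an incident responder needs first: which files are affected,
    the victim ID that goes into the incident record, and the contact addresses
    embedded in the names (useful for correlating with the ransom note and for
    blocking at the mail gateway).
    """
    locked, untouched = {}, []
    for name in listing:
        fields = parse_locked_name(name)
        if fields:
            locked[name] = fields
        else:
            untouched.append(name)
    return {
        "locked": locked,
        "untouched": untouched,
        "victim_ids": Counter(f["victim_id"] for f in locked.values()),
        "emails": Counter(f["email"] for f in locked.values()),
    }


# Constructed sample listing; the ID, address and filenames are made up for this example.
SAMPLE_LISTING = [
    "budget_2020.xlsx.id[1A2B3C4D-2275].[contact@example.invalid].Dever",
    "contract.pdf.id[1A2B3C4D-2275].[contact@example.invalid].Dever",
    "photo.jpg.id[1A2B3C4D-2275].[contact@example.invalid].Dever",
    "info.txt",            # ransom note, left readable on purpose
    "notes.docx",          # not (yet) touched
    "archive.Dever",       # wrong layout: the extension alone is not enough
]

if __name__ == "__main__":
    result = triage(SAMPLE_LISTING)
    print(f"{len(result['locked'])} locked, {len(result['untouched'])} untouched")
    print("victim IDs:", dict(result["victim_ids"]))
    print("contact addresses:", dict(result["emails"]))
```

Matching on the whole layout rather than on the `.Dever` suffix alone avoids false positives from unrelated files, and the extracted address gives the mail team something concrete to block while the backup restore is under way.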

The text file that the Dever Ransomware creates for its ransom note gives the victim a simple English message telling them how to contact the threat actor. The only diverging detail that malware researchers see here is the 'backup' e-mail that the criminal offers, which could be a typo-inclusive reference to the Tiffany apartment complex in Maitland, Florida. It would be an extreme oversight for this location to be the criminal's real address, since it would help the authorities shut down their operation promptly.

Restricting the Problems that a Fearful Trojan Family can Instigate

The Dever Ransomware presents many of the dangers that one would anticipate from any competently-designed Ransomware-as-a-Service. It disables the Windows firewall, may wipe backups such as the Shadow Volume Copies, and can reach devices available on the local network to lock their files as well. The Trojan is a Windows program but, despite some samples carrying contrary labels, isn't a real virus with virus-like propagation features.
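Two of the behaviours named above, wiping Shadow Volume Copies and switching off the Windows firewall, are carried out through ordinary Windows administration commands, so they show up in process-creation telemetry before the encryption finishes. The following detection logic is an added example and not code from the article or from any Dever analysis: it runs two command-line rules over constructed, simplified process-creation records (timestamp, host, parent image, command line, in the style of Sysmon Event ID 1) and correlates them per host. The `vssadmin`, `wmic` and `netsh` command forms are the well-known built-ins for these actions, not strings quoted from a sample; hostnames, timestamps and parent process names are made up.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Detection rules keyed on the process command line. These are the standard Windows
# built-ins for the two behaviours the article names; they are not quoted from the
# article or from a Dever sample, so tune them against your own telemetry.
RULES = {
    "shadow_copy_deletion": re.compile(
        r"\b(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)\b", re.I),
    "firewall_disabled": re.compile(
        r"\bnetsh(\.exe)?\s+advfirewall\s+set\s+\w+\s+state\s+off\b", re.I),
}

WINDOW = timedelta(minutes=10)  # how close in time the two behaviours must be to correlate


def parse_record(line):
    """Split one constructed log line into (timestamp, host, parent image, command line)."""
    ts, host, parent, cmdline = re.split(r"\s+", line.strip(), maxsplit=3)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, parent, cmdline


def match_rules(cmdline):
    """Return the names of every rule whose pattern matches this command line."""
    return [name for name, pat in RULES.items() if pat.search(cmdline)]


def scan(log_text):
    """Run the rules over every line; return (timestamp, host, rule, cmdline) hits."""
    hits = []
    for line in log_text.strip().splitlines():
        ts, host, _parent, cmdline = parse_record(line)
        for rule in match_rules(cmdline):
            hits.append((ts, host, rule, cmdline))
    return hits


def correlate(hits):
    """Flag hosts where backup wiping and firewall disabling occur within WINDOW of each other.

    Either behaviour alone can be an administrator at work; both together on one
    workstation within minutes is the staging pattern that should trigger isolation.
    """
    by_host = defaultdict(list)
    for ts, host, rule, _ in hits:
        by_host[host].append((ts, rule))
    flagged = {}
    for host, events in by_host.items():
        shadow = [ts for ts, r in events if r == "shadow_copy_deletion"]
        firewall = [ts for ts, r in events if r == "firewall_disabled"]
        if any(abs(a - b) <= WINDOW for a in shadow for b in firewall):
            flagged[host] = sorted(events)
    return flagged


# Constructed sample telemetry: timestamp, host, parent image, command line.
# Hosts, times and the parent image names are made up for this example.
SAMPLE_LOG = """
2020-01-07T09:14:02Z ws-finance-07 explorer.exe notepad.exe budget.txt
2020-01-07T09:31:45Z ws-finance-07 unknown.exe vssadmin.exe delete shadows /all /quiet
2020-01-07T09:31:46Z ws-finance-07 unknown.exe wmic shadowcopy delete
2020-01-07T09:31:47Z ws-finance-07 unknown.exe netsh advfirewall set currentprofile state off
2020-01-07T10:02:11Z srv-backup-01 cmd.exe vssadmin list shadows
2020-01-07T10:05:30Z srv-backup-01 cmd.exe netsh advfirewall set allprofiles state on
"""

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for ts, host, rule, cmdline in found:
        print(f"{ts:%H:%M:%S} {host:<14} {rule:<22} {cmdline}")
    for host, events in correlate(found).items():
        print(f"ISOLATE {host}: {len(events)} correlated events")
```

Listing shadow copies and turning the firewall back on produce no hits, which keeps the rules quiet on routine backup-server administration; the per-host correlation is what separates an intruder preparing to encrypt from a lone administrative command.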

Users should be watchful of incoming e-mail content that may include attempted infection exploits, such as macros inside fake Word documents. Many of these tactics use disguises relevant to the target industry. Criminals also may drop the Dever Ransomware through brute-force methods that let them gain initial control by taking over weakly-secured accounts. In the latter case, responsible password management is a priority defensive option.

File-locker Trojans rarely have much defense against traditional anti-malware solutions, and the Dever Ransomware is no exception to this norm. A clear majority of anti-malware services will detect and delete the Dever Ransomware, although most products use generic descriptors for it.

The themed quirk in the Dever Ransomware's e-mail account might be a random choice, a deliberate one, or incredible carelessness by the threat actor. In any of these three cases, the user's files are just as hopelessly locked, with their recovery best left to any available backups.
