Dever Ransomware

Dever Ransomware Description

The Dever Ransomware is a file-locking Trojan that can stop documents and similar media from opening. The Dever Ransomware belongs to the Phobos Ransomware family, whose encryption is secure against third-party recovery attempts currently. Appropriate file protection consists of having a protected, offsite backup, and anti-malware tools for removing the Dever Ransomware as soon as it appears.

Residential Businesses Getting into the Extortion Business

The Phobos Ransomware is a long-running family of Trojans with file-blocking features, as per variants like the Adage Ransomware, the Barak Ransomware, the Calum Ransomware, and the '' Ransomware. In its first release for 2020, the Dever Ransomware, operates under similar norms by blocking content while awaiting ransom deposits. Any oddities in the Dever Ransomware boil down to its choice of contact address, which could be referring to a Floridian business.

The Dever Ransomware is out in the wild and extorting money from victims of undisclosed entities currently, which sometimes include government networks, vulnerable businesses or NGOs. Besides a secure encryption mechanism for 'locking' each document and other pieces of media, the Dever Ransomware also inserts an e-mail, ID string, and 'Dever' extension into each filename. The formatting is typical as of most standard versions of Phobos Ransomware.

The text file that the Dever Ransomware creates for its ransom note gives the victim a simple, English message telling them how to contact the threat actor. The only diverging detail that malware researchers see here is the 'backup' e-mail that the criminal offers, which could be a typo-inclusive reference to the Tiffany apartment complex at Maitland, Florida. It would be an extreme oversight for this location to be the criminal's real address since it would facilitate the authority's shutting down their operation promptly.

Restricting the Problems that a Fearful Trojan Family can Instigate

The Dever Ransomware provides many of the dangers that one would anticipate from any competently-designed Ransomware-as-a-Service. The Dever Ransomware disables the Windows firewall, may wipe backups such as the Shadow Volume Copies, and can access local network-available devices for locking their files, as well. The Trojan is a Windows program but, despite some samples having contrary labels, isn't a real virus with virus-like propagation features.

Users should be watchful of incoming e-mail content that may include attempted infection exploits, such as macros inside of fake Word documents. Many of these tactics will use disguises that are relevant to the target industry. Criminals also may drop the Dever Ransomware through brute-force methods that let them establish initial control through gaining possession of weakly-secured accounts. In the latter case, responsible password management is a priority defensive option.

File-locker Trojans rarely have much defense against traditional anti-malware solutions, and the Dever Ransomware isn't an exception to this norm. A clear majority of anti-malware services will detect and delete the Dever Ransomware, although most products use generic descriptors for it.

The quirk of a theme in the Dever Ransomware's e-mail account might be a random choice, or a deliberate one – or incredible carelessness by the threat actor. In any of these three cases, the user's files are just as hopelessly locked, with their recovery best relegated to any available backups.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Dever Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Posted: January 7, 2020
Home Malware Programs Ransomware Dever Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.