
Dewar Ransomware

Posted: February 6, 2020

The Phobos Ransomware family has made the news headlines a few times in 2020, and one of the latest variants to be discovered online goes by the name Dewar Ransomware. This cyber-threat is able to execute a swift and devastating file-encryption attack, which is guaranteed to encrypt the contents of valuable files found on the compromised computer. Unfortunately, it is very unlikely that the victims of the Dewar Ransomware will be able to rely on a free data recovery tool to undo the damage done by the ransomware – currently, the only reliable way to get the locked files back to normal is to restore them from a recent data backup.

The Dewar Ransomware does not bring any surprises with the attack techniques it uses. When launched, it will begin to scan hard drive partitions and look for specific files that it has been programmed to encrypt. Whenever it corrupts a file, it will add a new extension to its filename: '.id[VICTIM ID].[kryzikrut@airmail.cc].dewar'. During the attack, the Dewar Ransomware will attempt to encrypt popular file formats such as documents, spreadsheets, presentations, archives, images, videos, etc. After it is finished with this task, the Dewar Ransomware will drop the ransom messages 'info.txt' and 'info.hta' – both of them have identical contents that urge the victim to pay a ransom fee via a cryptocurrency transfer.
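The filename marker and note names described above are enough to scope the damage from a plain file listing. The following is an added example, not code from the original article: it parses the appended extension, recovers each original filename, and summarises which victim IDs, contact addresses and file types appear. The function names and the sample listing are constructed for illustration, and the victim ID is a placeholder because the article does not give its format.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Shape given on the page: <original name>.id[VICTIM ID].[contact e-mail].dewar
# The ID's internal format is not stated there, so it is treated as opaque.
DEWAR_NAME = re.compile(
    r"^(?P<original>.+)\.id\[(?P<victim_id>[^\]]+)\]\.\[(?P<contact>[^\]]+)\]\.dewar$",
    re.IGNORECASE,
)
# Note names from the page. "info.txt" is a common name, so a note on its own
# is weak evidence; treat it as corroboration for renamed files.
RANSOM_NOTES = {"info.txt", "info.hta"}

def classify(path):
    """Return ('encrypted', fields), ('note', None) or ('clean', None)."""
    name = PureWindowsPath(path).name  # accepts both \ and / separators
    m = DEWAR_NAME.match(name)
    if m:
        return "encrypted", m.groupdict()
    if name.lower() in RANSOM_NOTES:
        return "note", None
    return "clean", None

def triage(paths):
    """Summarise a listing: renamed files, notes, IDs, contacts, file types hit."""
    report = {"encrypted": [], "notes": [], "victim_ids": set(),
              "contacts": set(), "extensions": Counter()}
    for p in paths:
        kind, info = classify(p)
        if kind == "encrypted":
            report["encrypted"].append((p, info["original"]))
            report["victim_ids"].add(info["victim_id"])
            report["contacts"].add(info["contact"].lower())
            report["extensions"][PureWindowsPath(info["original"]).suffix.lower()] += 1
        elif kind == "note":
            report["notes"].append(p)
    return report

# Constructed listing, not from a real incident; EXAMPLE-ID is a placeholder.
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.id[EXAMPLE-ID].[kryzikrut@airmail.cc].dewar",
    r"C:\Users\alice\Pictures\trip.jpg.id[EXAMPLE-ID].[kryzikrut@airmail.cc].dewar",
    r"C:\Users\alice\Desktop\info.hta",
    r"C:\Users\alice\Documents\notes.docx",
    r"C:\Users\alice\Documents\dewar-whisky-list.txt",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The list of recovered original names can be compared against a backup catalogue to decide what needs restoring.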

The criminals state that they are willing to decrypt up to five files for free so that their victims will have proof that the decryption service works reliably. Users who wish to test the decryption tool should send their files to the attackers by using the following contact details:

  • Emails kryzikrut@airmail.cc and kokux@tutanota.com.
  • Jabber decrypt_here@xmpp.jp.
  • Telegram @hpdec.

We would not advise you to pay the ransom fee even if the attackers do end up decrypting five of your files for free – the money you send to the Dewar Ransomware's operators may motivate them to continue to run their fraudulent schemes, and there is still a high risk that you might end up losing both your money and your files.

If the Dewar Ransomware has prevented you from accessing your files, we suggest that you take care of its removal with the use of a reputable anti-malware scanner. After you have made sure to eradicate its files, you should attempt to use alternative data recovery tools that are recommended to victims of ransomware.
