Dex Ransomware

Posted: November 20, 2020

Dex Ransomware Description

The Dex Ransomware is a file-locking Trojan that's part of the Dharma Ransomware family, a Ransomware-as-a-Service. The Dex Ransomware can block most media formats, including documents, on infected PCs, delete their backups, change their extensions, and leave behind ransom notes. Users should have backups on at least one other device for restoring any content and let their dedicated security services remove the Dex Ransomware.

Some More Ransomware-as-a-Service with a Smile

The Dharma Ransomware family appears neck-and-neck with the STOP Ransomware as a favorite Ransomware-as-a-Service on the dark Web as of 2020. Due to its streamlined but effective features and general ease of use, the family's variants, like the Fresh Ransomware, the KICK Ransomware, the PLUT Ransomware, the Zimba Ransomware, or the freshly-identified Dex Ransomware, are appearing in threat analysis databases regularly. For its part, the Dex Ransomware leaves a few linguistic clues that may or may not relate to its campaign but is an otherwise-vanilla version of this Trojan collective.

The Dex Ransomware's attacks abide by a long-established data sabotage pattern that preferentially targets media formats, such as documents, pictures, or databases. During installation, it establishes a basic launch routine through Windows Startup and proceeds with 'locking' or encrypting the user's files, which prevents them from opening. The Trojan adds an extension with ransoming information and its campaign tag of '.dex' to them and leaves a generic Dharma Ransomware HTA note for extortion.
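The renaming behavior described above can be used for triage after an incident. The following is an added example, not code from the original article: it assumes the original file name and extension are kept in front of the appended part, treats everything between the original extension and the final '.dex' as opaque (the article does not give its format), and uses a small assumed list of media extensions; the function names are hypothetical.

```python
import os

CAMPAIGN_TAG = "dex"  # campaign tag named in the article
# Assumption: a small stand-in for the "media formats" the article mentions.
MEDIA_EXTS = {"doc", "docx", "xls", "xlsx", "pdf", "jpg", "png", "sql", "mdb"}


def split_locked_name(name):
    """Return (original_name, appended_part) for a renamed media file, else None."""
    parts = name.split(".")
    if len(parts) < 3 or parts[-1].lower() != CAMPAIGN_TAG:
        return None  # e.g. a plain Android "classes.dex" is not a renamed file
    # Walk backwards so the last media extension before the tag wins.
    for i in range(len(parts) - 2, 0, -1):
        if parts[i].lower() in MEDIA_EXTS:
            return ".".join(parts[: i + 1]), "." + ".".join(parts[i + 1 :])
    return None


def triage(root):
    """Walk `root`; list renamed media files and any HTA files found with them."""
    report = {"locked": [], "hta": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            hit = split_locked_name(name)
            if hit:
                report["locked"].append((os.path.join(folder, name), hit[0]))
            elif name.lower().endswith(".hta"):
                report["hta"].append(os.path.join(folder, name))
    return report


if __name__ == "__main__":
    # Constructed sample names; the middle segment is a placeholder.
    for sample in ("budget.xlsx.PLACEHOLDER-INFO.dex", "classes.dex", "notes.txt"):
        print(sample, "->", split_locked_name(sample))
```

Run `triage()` against a mounted copy or image of the affected volume rather than the live system, and compare the recovered original names against the backup inventory to see what needs restoring.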

Although the Dex Ransomware's startup component uses a random name, its installer currently circulates under 'pavodu,' which has several etymological possibilities, including Czech and Croatian. Although Germany is a more typical target for these attacks, entities in other areas of Europe are also at risk, as the Dex Ransomware's campaign reminds readers. While malware analysts require more samples to confirm any infection exploits, the Dex Ransomware is a recent variant, dated no earlier than mid-November.

Restoring Work from Trojans of Suspect Nationality

Whichever nations the Dex Ransomware might target, its attacks, and those of its relatives in the same family, can block users' files on most versions of Windows, without any concern for language settings or other geographical details. Since the Dex Ransomware also wipes the Restore Points, Windows users are best capable of recovering with the assistance of non-local backups, such as protected cloud services. Paying the ransom is a possibility but doesn't always pay off due to the naturally 'flexible' business values and trustworthiness of threat actors.

Windows users should also abide by universally applicable security standards that are likely to prevent attacks by Dharma Ransomware variants like the Dex Ransomware and other families of file-locker Trojans. While browsing the Web, disabling some features, such as scripts, and updating software through secure sources will counteract most drive-by-download exploits by Exploit Kits and the like. Password security is also vital for network and server admins, who risk brute-force attacks whenever they use easily-cracked credentials.

Samples of the Dex Ransomware are tripping typical threat analytics from most vendors. Anti-malware products should quarantine or delete the Dex Ransomware and may effectively block any file-locking attacks from happening.

Each ransom in a criminal's wallet is another motivator for threats like the Dex Ransomware. With this threat's prime weakness being data security standards, nobody should assume that their files are safe with nothing more than a local backup.
