'.divine File Extension' Ransomware

Posted: August 6, 2018

The '.divine File Extension' Ransomware is an update of the Everbe Ransomware, a file-locker Trojan whose attacks block your documents and other media. This Trojan generates text messages telling you to pay its ransom within seven days for the decryption solution that recovers your files, although there is always a risk with these transactions. Having backups keeps your files at much less risk of suffering permanent damage, and traditional anti-malware applications may remove the '.divine File Extension' Ransomware at any point.

A New Iteration of a Week-Long Trojan Timeline

The group of file-locker Trojans with names ranging from the earliest Everbe@airmail.cc Ransomware through to the Hyena Locker Ransomware, the Thunder Ransomware and the Embrace Ransomware is showing off another fork: the so-called '.divine File Extension' Ransomware. This variant of the file-locker Trojan dates itself to the first week of August and is attacking the general public. The infection vectors in use aren't known for now, although Remote Desktop-based exploits and spam e-mail campaigns are two strong possibilities.

The '.divine File Extension' Ransomware may block personal data on the user's PC by encrypting it with either an AES (Rijndael) or DES algorithm, and it protects the key that this activity generates by encrypting that key with a second algorithm, RSA. Besides the new e-mail address and extension that it adds to the filenames of locked files, malware experts note no extreme changes in the encryption feature, which can lock documents, pictures, and other arbitrary content.
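A triage sketch for scoping an incident from the renaming behaviour described above. This is an added example, not code from the original article; it assumes only that locked files end in `.divine`, and the function names and sample files are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

LOCKED_SUFFIX = ".divine"  # extension named in this article


def scope_locked_files(root, suffix=LOCKED_SUFFIX):
    """Return (per-directory counts, oldest mtime in UTC, total bytes) for files
    under root ending in suffix; mtimes are assumed unaltered by the Trojan."""
    per_dir, first_seen, total_bytes = Counter(), None, 0
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            if not name.lower().endswith(suffix):
                continue
            try:
                st = os.stat(os.path.join(dirpath, name), follow_symlinks=False)
            except OSError:
                continue  # unreadable or vanished mid-scan: skip, keep going
            per_dir[os.path.relpath(dirpath, root)] += 1
            total_bytes += st.st_size
            if first_seen is None or st.st_mtime < first_seen:
                first_seen = st.st_mtime
    when = None
    if first_seen is not None:
        when = datetime.fromtimestamp(first_seen, tz=timezone.utc)
    return per_dir, when, total_bytes


def build_sample_tree(root):
    """Constructed sample data: two renamed files and one untouched file."""
    os.makedirs(os.path.join(root, "docs"))
    samples = {  # relative path -> (size in bytes, mtime in epoch seconds)
        "docs/report.docx.DIVINE": (10, 1533513600),  # 2018-08-06 00:00 UTC
        "photo.jpg.divine": (20, 1533517200),         # 2018-08-06 01:00 UTC
        "docs/notes.txt": (5, 1533000000),            # not renamed
    }
    for rel, (size, mtime) in samples.items():
        path = os.path.join(root, *rel.split("/"))
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scope_locked_files(tmp))
```

The per-directory counts show which folders need restoring from backup, and the oldest modification time gives a rough lower bound for when locking started.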

Although the '.divine File Extension' Ransomware does deliver an updated version of this family's ransom note, the text is identical to other recent iterations, except for changing the address and customizing the victim's ID number. As with past attacks, the '.divine File Extension' Ransomware withholds the ransom price until the victim contacts the threat actor for more information and gives a seven-day limit before it increases. This typical social engineering technique pressures users into paying before looking into the alternative solutions for data restoration that may be available.

Human Solutions for a Not-Quite-Divine Software

Malware researchers have yet to verify whether or not the '.divine File Extension' Ransomware includes any features for deleting Windows system restore points, although such attacks are typically a part of this family. Any victims requiring file restoration should avoid the ransoming instructions and contact experienced threat researchers for their help with free decryption, which is possible with Trojans of the Everbe Ransomware's family before version 2.0. Backing up your files to different locations, such as removable devices, is also an ideal precaution.

You can protect your PC against the '.divine File Extension' Ransomware, which is specific to Windows platforms, by monitoring its most likely infection vectors. Spam e-mail campaigns may disguise the '.divine File Extension' Ransomware's installer as a normal document via fake extensions or embedded threatening content (such as a Word DOC macro). Besides letting their security software remove the '.divine File Extension' Ransomware automatically, users should also secure their network logins and RDP settings.

It's not surprising that the '.divine File Extension' Ransomware's family is continuing to hold some popularity with different threat actors. Until enough people keep secure backups of their work that there's no point in distributing file-locker Trojans, Ransomware-as-a-Service will keep thriving.