Dme Ransomware

Posted: October 9, 2020

Dme Ransomware Description

The Dme Ransomware is a file-locking Trojan that's part of the Dharma Ransomware family, a Ransomware-as-a-Service. The Dme Ransomware can block media files on infected computers with a typically permanent encryption routine, and it also erases local backups. Users with non-local backups may recover readily, and the right anti-malware solution can protect PCs by removing the Dme Ransomware safely.

The Extortion that Advertises by Name

File-locking Trojans may struggle with naming themes and conventions or even resort to random gibberish as a low-effort marketing solution. This is especially true of a Ransomware-as-a-Service as prolific as the Dharma Ransomware, one of the largest families of its kind. With offshoots from the Bmd Ransomware and the Cl Ransomware to the GTF Ransomware, the Rxx Ransomware, and the Kr Ransomware, these Trojans' admins exhibit little interest in marketing. The Dme Ransomware, a recent sample, is just barely different in that respect.

The Dme Ransomware is a Windows application with an installer under a megabyte, like most variants of the RaaS. Its core feature, AES-derived encryption, blocks files such as documents, spreadsheets, pictures and a range of other digital media. Typical of its RaaS, it also appends ransom-related information to each locked file's name, including a campaign-specific e-mail, an ID for the victim, and its 'dme' string.
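The renaming scheme gives responders a quick way to scope the damage from a plain file listing. The sketch below is an added example, not code from the original article: it assumes the usual Dharma-family layout `<original name>.id-<victim ID>.[<e-mail>].dme`, which the page does not spell out, and the sample paths, ID and e-mail address are constructed placeholders.

```python
import re
from collections import Counter

# Assumed layout (the usual Dharma-family pattern; the page names the three
# appended parts but not their exact order or punctuation):
#   <original name>.id-<victim ID>.[<contact e-mail>].dme
LOCKED = re.compile(
    r"^(?P<orig>.+)\.id-(?P<vid>[0-9A-Za-z-]+)"
    r"\.\[(?P<mail>[^\[\]\s]+@[^\[\]\s]+)\]\.dme$",
    re.IGNORECASE,
)

# Constructed sample listing; the ID and e-mail are placeholders.
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.id-1E857D00.[unlock@example.com].dme",
    r"C:\Users\alice\Documents\thesis.docx.ID-1e857d00.[Unlock@Example.com].DME",
    r"C:\Users\alice\Pictures\trip.jpg.id-1E857D00.[unlock@example.com].dme",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Documents\report.dme",  # bare .dme file, not the pattern
]

def parse_locked_name(name):
    """Return (original name, victim ID, e-mail) or None if not renamed."""
    m = LOCKED.match(name)
    if m is None:
        return None
    return m.group("orig"), m.group("vid").upper(), m.group("mail").lower()

def triage(paths):
    """Scope an incident from a file listing: what was renamed, and where."""
    out = {"locked": 0, "untouched": 0, "victim_ids": set(), "emails": set(),
           "dirs": Counter(), "types": Counter()}
    for path in paths:
        folder, _, name = path.replace("\\", "/").rpartition("/")
        parsed = parse_locked_name(name)
        if parsed is None:
            out["untouched"] += 1
            continue
        orig, vid, mail = parsed
        out["locked"] += 1
        out["victim_ids"].add(vid)
        out["emails"].add(mail)
        out["dirs"][folder] += 1
        # Original extension shows which data types need restoring from backup.
        out["types"][orig.rpartition(".")[2].lower() if "." in orig else ""] += 1
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```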

The advanced HTML (shown as a pop-up alert) and TXT ransom notes that the Dme Ransomware creates use the family formats, which ask for a ransom but provide no details besides the e-mail. In the Dme Ransomware's case, the e-mail is self-explanatory, as it references the data-unlocking decryption solution, of which the extension is an apparent abbreviation. Besides this modest thematic relevance, the Dme Ransomware has no novel additions to the RaaS formula.

The Drawback to Decryption on a Criminal's Schedule

Paying threat actors to unlock data is always a risk, and even Ransomware-as-a-Service affiliates aren't honor-bound to provide data recovery services to the victims. The Dme Ransomware's ransom isn't known to malware researchers, and many similar fees fluctuate with the value of the 'hostage' data. However, many transactions involve hundreds to thousands of dollars, inevitably in Bitcoins or an equivalent currency with inadequate refund protections.

Backups are a one-size-fits-all solution to attacks by the Dme Ransomware and file-locking Trojans from all sources. Users should save backups to other devices for optimal safety, mainly since malware analysts confirm that the Dme Ransomware will delete the Windows Restore Point-based ones. Windows users who want to prevent infection should monitor passwords for weaknesses, avoid illegal downloads and strange e-mail attachments, and turn off Flash, Java and JavaScript by default.

While the encryption routine in use by this family is well-protected, the obfuscation is trivial. Traditional cyber-security tools should delete the Dme Ransomware before the Trojan blocks files, and they are the gold standard for most disinfection needs.

The Dme Ransomware's name is an abbreviation of a ransom request, but decryption with bribery doesn't always work out as planned. Those on Windows systems believing otherwise might find themselves out of both files and Bitcoins simultaneously.
