Dme Ransomware Description
The Dme Ransomware is a file-locking Trojan that's part of the Dharma Ransomware family, a Ransomware-as-a-Service. The Dme Ransomware can block media files on infected computers with a typically permanent encryption routine, and it also erases local backups. Users with non-local backups may recover readily, and the right anti-malware solution can protect PCs by removing the Dme Ransomware safely.
The Extortion that Advertises by Name
File-locking Trojans may struggle with naming themes and conventions or even resort to random gibberish as a low-effort marketing solution. This is especially true of Ransomware-as-a-Services as prolific as the Dharma Ransomware, one of the largest families of its kind. With offshoots from the Bmd Ransomware and the Cl Ransomware to the GTF Ransomware, the Rxx Ransomware, and the Kr Ransomware, these Trojans' admins exhibit little interest in marketing. The Dme Ransomware, a recent sample, is just barely different in that respect.
The Dme Ransomware is a Windows application with an installer under a megabyte, like most variants of the RaaS. Its core feature, AES-derived encryption, blocks files such as documents, spreadsheets, pictures and a range of other digital media. As is typical of its RaaS, it also appends ransom-related information to each locked file's name, including a campaign-specific e-mail, an ID for the victim, and its 'dme' string.
The advanced HTML (shown as a pop-up alert) and TXT ransom notes that the Dme Ransomware creates use the family's formats, which ask for a ransom but provide no details besides the e-mail. In the Dme Ransomware's case, the e-mail is self-explanatory, as it references the data-unlocking decryption solution, of which the extension is an apparent abbreviation. Besides this modest thematic relevance, the Dme Ransomware has no novel additions to the RaaS formula.
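The renaming scheme described above (e-mail, victim ID and 'dme' string appended to each file name) can be used to triage a file listing from an affected machine. This is an added example, not code from the original page or from any vendor tool; the field order and delimiters (`.id-<ID>.[<e-mail>].dme`) are an assumption based on the Dharma family's usual naming, and the sample paths, ID and e-mail are constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumed layout: <original name>.id-<victim ID>.[<e-mail>].dme
# The page names the three appended parts; their order and the "id-" and
# bracket delimiters are an assumption, not something the page states.
DME_NAME = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Za-z]+)"
    r"\.\[(?P<email>[^\[\]\s@]+@[^\[\]\s@]+)\]\.dme$",
    re.IGNORECASE,
)

def parse_locked_name(path):
    """Return the parts of a renamed file, or None if the name does not match."""
    name = PureWindowsPath(path).name
    m = DME_NAME.match(name)
    if m is None:
        return None
    return {"path": path, **m.groupdict()}

def triage(paths):
    """Summarise matches: affected files, victim IDs, contact e-mails, per-directory counts."""
    hits = [h for h in map(parse_locked_name, paths) if h]
    return {
        "hits": hits,
        "victim_ids": sorted({h["victim_id"] for h in hits}),
        "emails": sorted({h["email"].lower() for h in hits}),
        "by_dir": Counter(str(PureWindowsPath(h["path"]).parent) for h in hits),
    }

# Constructed sample listing (placeholder ID and e-mail, not real indicators).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.id-1A2B3C4D.[contact@example.invalid].dme",
    r"C:\Users\alice\Documents\notes.docx.id-1A2B3C4D.[contact@example.invalid].dme",
    r"C:\Users\alice\Pictures\trip.jpg.id-1A2B3C4D.[contact@example.invalid].DME",
    r"C:\Users\alice\Documents\readme.dme",   # plain .dme file, no ID or e-mail
    r"C:\Users\alice\Documents\report.pdf",   # untouched file
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for h in result["hits"]:
        print(f'{h["original"]:<14} id={h["victim_id"]} contact={h["email"]}')
    print(dict(result["by_dir"]))
```

The per-directory counts show how far the encryption reached, and the recovered original names tell you which files to restore from a non-local backup.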
The Drawback to Decryption on a Criminal's Schedule
Paying threat actors to unlock data is always a risk, and even Ransomware-as-a-Service affiliates aren't honor-bound to provide data recovery services to the victims. The Dme Ransomware's ransom isn't known to malware researchers, and many similar fees fluctuate with the value of the 'hostage' data. However, many transactions involve hundreds to thousands of dollars, inevitably in Bitcoins or an equivalent currency with inadequate refund protections.
While the encryption routine in use by this family is well-protected, the obfuscation is trivial. Traditional cyber-security tools should delete the Dme Ransomware before the Trojan blocks files and are the gold standard for most disinfection needs.
The Dme Ransomware's name is an abbreviation of a ransom request, but decryption with bribery doesn't always work out as planned. Windows users who believe otherwise might find themselves out of both files and Bitcoins simultaneously.