
DMO Ransomware

Posted: June 21, 2019

The DMO Ransomware is a file-locking Trojan from the Ransomnix Ransomware family. This group's campaigns focus on compromising victims' websites and encrypting the contents, such as database files. Website administrators should restore from a backup instead of paying the ransom and use anti-malware products for deleting the DMO Ransomware safely.

Two Years of Campaigning with a Not-So-Anonymous Trojan

The Ransomnix Ransomware family is quieter than Ransomware-as-a-Service operations like Scarab Ransomware, but being low-key doesn't equate to silent. Activity in this family is picking up again in June of 2019, thanks to the DMO Ransomware. While malware experts see no signs of the old, symbol-loaded ransom warnings, the DMO Ransomware's encryption, which is how it locks files, is unimpaired.

The DMO Ransomware uses AES-256 encryption to lock the target's digital media, which can include the majority of file formats on a website's server as well as personal content such as pictures or documents. The 'dmo' extension that it adds to their names remains the most direct means of sorting working files from the ones that the Trojan is keeping hostage. There isn't a free decryption solution for the DMO Ransomware's family and, regrettably, malware experts rate the development of one as impractical.
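Since the extension is the sorting key, a site admin can turn it into a restore list for the backup job. The following is an added example, not code from the original article or from any vendor tool; it assumes the extension appears as a final ".dmo" suffix appended to the original name, and the sample tree it builds is constructed for the demonstration.

```python
import os
import tempfile
from collections import Counter

# Assumption: the 'dmo' extension is appended as a final ".dmo" suffix.
LOCKED_SUFFIX = ".dmo"

def inventory(root):
    """Walk root and split relative file paths into (locked, intact)."""
    locked, intact = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            rel = rel.replace(os.sep, "/")
            bucket = locked if name.lower().endswith(LOCKED_SUFFIX) else intact
            bucket.append(rel)
    return sorted(locked), sorted(intact)

def restore_list(locked):
    """Original paths to pull from backup: the locked name minus the suffix."""
    return [path[:-len(LOCKED_SUFFIX)] for path in locked]

def by_original_type(locked):
    """Count locked files by original extension, to see what was hit."""
    exts = (os.path.splitext(p)[1].lower() or "(none)" for p in restore_list(locked))
    return Counter(exts)

def run_sample():
    """Build a constructed sample web root and inventory it."""
    sample = ("index.php", "db/site.sql.dmo",
              "uploads/logo.png.dmo", "uploads/readme.txt")
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed sample content")
        return inventory(root)

if __name__ == "__main__":
    locked, intact = run_sample()
    print(f"{len(locked)} locked, {len(intact)} intact")
    for original in restore_list(locked):
        print("restore from backup:", original)
    print(dict(by_original_type(locked)))
```

Point `inventory()` at a read-only copy or snapshot of the web root rather than the live server, so that the triage does not alter timestamps that an investigation may need.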

The file-locking Trojan doesn't use the old Anonymous and Jigsaw movie-themed warnings of past versions of the Ransomnix Ransomware, but it does have a Notepad text file instead. Through this message, it asks for an indefinite quantity of Bitcoins for the decryptor and gives a hard limit of one week before the threat actor deletes the unlocking key. The format is a copy-and-paste template of other 2019 members of the Ransomnix Ransomware, although malware experts do see updates to the contact information.

The Three Letters Your Site Doesn't Have to See

Website servers, especially those of small businesses with poor security practices, are regular targets for file-locker Trojan attacks. Site admins can protect their servers from these invasions with all of the following:

  • Update site software to lower the availability of vulnerabilities, although managed hosting services should do this automatically.
  • Use login passwords that a hacker can't guess through brute-force or dictionary attacks with Black Hat utilities.
  • Familiarize yourself with network security tools, such as XSS attack and SQL injection checkers.
  • Use HTTPS to protect features that transfer confidential data.

Prominent CMS (Content Management System) sites tend to be more at risk from these attacks, although not exclusively so. Users should protect their personal computers from this threat and use anti-malware products for eliminating the DMO Ransomware, just like all other file-locking Trojans.

There's no telling how much the DMO Ransomware is asking for, although average ransoms can be the equivalent of hundreds of dollars. One thing's for sure: Bitcoin ransoms rarely end in favor of the party that's giving up the cryptocurrency.
