
DolphinTear Ransomware

Posted: June 7, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 5
First Seen: June 7, 2017
Last Seen: October 17, 2019
OS(es) Affected: Windows

The DolphinTear Ransomware is a Trojan that uses Hidden Tear-based encryption attacks to block you from opening files, such as text documents. PC users who back their data up can prevent the DolphinTear Ransomware's payload from causing any damage that they can't reverse, and malware experts also recommend using free decryptors when appropriate. A majority of anti-malware products should delete the DolphinTear Ransomware as a threat to your computer automatically.

Sea Life Feeding on Your Files

Despite its attacks and vulnerabilities being well known and thoroughly analyzed, Hidden Tear is still being converted into new Trojan campaigns by threat actors who lack access to any file-encrypting code more sophisticated than this freeware. The standard operating procedure for con artists using Hidden Tear-based functionality is to modify the directory locations that the Trojan attacks until it's ready for deployment, and to drop a customized message so that victims pay the 'right person' for unlocking their encrypted media. Malware researchers find all of these telltale markings in the newly detected DolphinTear Ransomware.

The DolphinTear Ransomware uses components for attacking German-language PCs, and multiple samples of this threat with significant threat signatures are verifiable. However, malware analysts have yet to find the Trojan in a finished state, and, for now, it attacks only the contents of a 'test' folder. A complete version of the DolphinTear Ransomware most likely will encrypt documents, pictures, and other media throughout a wide range of directories, including the Downloads folder and the desktop.

The DolphinTear Ransomware places a unique '.dolphin' flag at the end of all files it locks by encrypting, which is a routine it runs without any symptoms (as per the norm for Hidden Tear). A secondary feature generates a Notepad text file containing the German ransoming instructions on the user's desktop. Like the Executioner Ransomware, the Resurrection Ransomware, or almost any other version of HT, the Trojan's authors will use these messages to extort money while claiming (not necessarily honestly) that they'll decrypt your files afterward.
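A triage sketch for the '.dolphin' marker described above, added here as an example and not taken from the original article or any vendor tool: it walks a directory tree, lists marked files with the name they had before the extension was appended, and reports the earliest modification time as a rough guide to which backup predates the attack. The function names, the sample tree, and the assumption that a file's modification time reflects when it was rewritten are all illustrative.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER = ".dolphin"  # extension the article says is appended to locked files


def find_locked_files(root):
    """Return a list of (locked_path, original_name, mtime) under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Case-insensitive match; skip a file named exactly ".dolphin".
            if name.lower().endswith(MARKER) and len(name) > len(MARKER):
                path = os.path.join(dirpath, name)
                original = name[: -len(MARKER)]
                hits.append((path, original, os.path.getmtime(path)))
    return hits


def summarize(hits):
    """Per-directory counts plus the earliest modification time seen."""
    per_dir = Counter(os.path.dirname(p) for p, _o, _m in hits)
    earliest = min((m for _p, _o, m in hits), default=None)
    return per_dir, earliest


def build_sample_tree(root):
    """Constructed sample data: a 'test' folder with two marked files."""
    test_dir = os.path.join(root, "test")
    os.makedirs(test_dir)
    for name in ("report.docx.dolphin", "photo.JPG.DOLPHIN", "notes.txt"):
        with open(os.path.join(test_dir, name), "wb") as fh:
            fh.write(b"constructed sample bytes")
    return test_dir


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits = find_locked_files(tmp)
        per_dir, earliest = summarize(hits)
        for path, original, _m in sorted(hits):
            print(f"{path} -> original name {original}")
        for directory, count in per_dir.items():
            print(f"{count} marked file(s) in {directory}")
        if earliest is not None:
            stamp = datetime.fromtimestamp(earliest, tz=timezone.utc)
            print("earliest marked file modified:", stamp.isoformat())
```

Point `find_locked_files` at a user profile or file share instead of the constructed tree to scope which directories need restoring from backup.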

Catching the DolphinTear Ransomware in a Strong Security Net

Free decryption options are extant and easily downloadable for counteracting most members of the Hidden Tear family. While malware analysts find no signs of the DolphinTear Ransomware including any extra protection for its enciphering routine, they also caution against assuming that you will always be able to decode your files. Use backups to keep your digital content safe from threats of this category, especially widely used media, such as documents, spreadsheets, archives, pictures and music.

The DolphinTear Ransomware campaign has been caught in its earliest stages and may not see a wider distribution to the public at large. If it does, however, threat actors are most likely to use attacks like spam emails or browser exploits to install the Trojan automatically. Anti-malware products of most brands have good rates for removing the DolphinTear Ransomware and other forks of the Hidden Tear project.

With new versions coming out from different sources weekly, there's almost nowhere to hide from Hidden Tear revamps safely. PC owners not protecting their systems appropriately or making backups may find that their saved files are no better than chum for the DolphinTear Ransomware.
