Dont_Worry Ransomware
The Dont_Worry Ransomware is a variant of the AMBA Ransomware, a Trojan that locks your files and creates ransom messages for selling its unlocking services. Besides blocking your data, the Dont_Worry Ransomware also launches attacks for disabling different forms of security software. Users should keep backups of any data they care about preserving and have anti-malware programs available for disabling and deleting the Dont_Worry Ransomware at the first available opportunity.
The AMBA Ransomware Comes Back for Russian PCs
The long-quiet AMBA Ransomware family is starting to become active again, with a new variant in deployment. Like the first time, its attacks are targeting Russian PC owners, although it's using the brand name of the Dont_Worry Ransomware. This minor variant of the first Trojan continues locking a range of different data types and delivering simple ransoming messages demanding money without providing any details other than the e-mail for its negotiations.
The Dont_Worry Ransomware excludes essential Windows files, executables and DLL files from its attack, but encrypts most other formats of data, including documents, pictures, archives, audio, movies, 1C databases and backups. This feature prevents the affected files from opening without the decryption service that the Dont_Worry Ransomware's author sells via the text-based ransom note, which gives the victim the e-mail and 'customer' ID. The encrypted filenames also include duplicates of this information.
Malware researchers also note two other features associated with the Dont_Worry Ransomware infections:
- The Dont_Worry Ransomware restarts the PC automatically, at a preset time, as a part of its routine for disabling other software (see below) and finalizing its file-ransoming efforts.
- The Dont_Worry Ransomware blocks multiple programs from running, including the Windows Firewall and some brands of anti-virus and anti-malware software.
The Dont_Worry Ransomware infections have, in one case, also coincided with the installation of a secondary threat: MinerGate, a Bitcoin miner utility. Although Bitcoin-mining applications are sometimes non-threatening, without proper configuring and consent, they can cause both performance issues and long-term damage to your hardware.
When It's Right to Worry about Trojans
There's no decryption utility for providing free file-unlocking services to the victims of the AMBA Ransomware, and malware researchers find no compelling evidence of the Dont_Worry Ransomware's encryption method being any weaker than the original Trojan's payload. Secure and isolated backups are always the best way of keeping your files protected from Trojans that seek to modify them without your consent. Because threat actors are unpredictable, particularly those who collect money in ways that their victims can't refund after any fraudulent behavior, paying the Dont_Worry Ransomware's ransom may or may not give you a decryption service in exchange.
So far, malware research teams are tracing all the Dont_Worry Ransomware infections to cases of illicit abuse of remote desktop access. RDP attacks may disguise themselves as technical support from a legitimate company, such as Microsoft, or use brute-force software for compromising a PC automatically. Always use secure passwords and avoid handing control of your computer over to suspicious third parties, and let your anti-malware products remove the Dont_Worry Ransomware as they detect it.
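For administrators who want to check a machine for the brute-force RDP pattern described above, the following added example (not part of the original article) scans an exported Windows Security log for a successful remote logon that follows a burst of failures from the same address. Event IDs 4625/4624 and logon types 3/10 are standard Windows values; the CSV column names, threshold, time window and sample rows are assumptions constructed for illustration.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta
from io import StringIO

FAILED, SUCCESS = "4625", "4624"   # Windows Security event IDs
RDP_FAIL_TYPES = {"3", "10"}       # with NLA, failed RDP logons are logged as type 3
RDP_OK_TYPES = {"10"}              # RemoteInteractive (an RDP session)

def rdp_bruteforce_hits(rows, threshold=5, window=timedelta(minutes=10)):
    """Return (ip, user, time, failures) for each RDP success preceded by
    at least `threshold` failures from the same source IP inside `window`."""
    recent = defaultdict(deque)    # ip -> timestamps of recent failures
    hits = []
    for row in sorted(rows, key=lambda r: r["time"]):
        ts = datetime.fromisoformat(row["time"])
        fails = recent[row["ip"]]
        while fails and ts - fails[0] > window:
            fails.popleft()        # forget failures older than the window
        if row["event_id"] == FAILED and row["logon_type"] in RDP_FAIL_TYPES:
            fails.append(ts)
        elif row["event_id"] == SUCCESS and row["logon_type"] in RDP_OK_TYPES:
            if len(fails) >= threshold:
                hits.append((row["ip"], row["user"], row["time"], len(fails)))
            fails.clear()
    return hits

def sample_rows():
    # Constructed export (hypothetical column names); IPs are documentation ranges.
    lines = ["time,event_id,logon_type,ip,user"]
    for s in range(6):             # six failures, five seconds apart
        lines.append(f"2024-01-15T03:10:{s * 5:02d},4625,3,203.0.113.7,Administrator")
    lines += [
        "2024-01-15T03:10:40,4624,10,203.0.113.7,Administrator",
        "2024-01-15T09:00:00,4625,10,198.51.100.20,alice",  # single typo
        "2024-01-15T09:00:20,4624,10,198.51.100.20,alice",
    ]
    return list(csv.DictReader(StringIO("\n".join(lines))))

if __name__ == "__main__":
    for hit in rdp_bruteforce_hits(sample_rows()):
        print(hit)
```

A hit means a remote session was opened right after repeated password failures, which is worth reviewing alongside any unexpected reboot or disabled security software on the same host.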
No country is safe from data sabotage and extortion, including Russia. However, the Dont_Worry Ransomware, the AMBA Ransomware's new clone, still requires security mistakes from its victims before it does any damage.