
DotZeroCMD Ransomware

Posted: April 23, 2018

The DotZeroCMD Ransomware is a Trojan that imitates the GoldenEye Ransomware's attacks by pretending to lock your documents, pictures, and other media in order to collect a ransom. Malware analysts have not detected any data-locking features in the DotZeroCMD Ransomware's current samples. Victims of this threat can remove the DotZeroCMD Ransomware with an appropriate anti-malware program and ignore its pop-up warnings.

Windows is Getting a Command-Line Fraud

As is often the case, a threat actor is using the infamy garnered by someone else's Trojan campaign to make money from much less sophisticated attacks. The new copycat is the DotZeroCMD Ransomware, a fake file-locker Trojan that imitates some of the most basic, visual symptoms of the GoldenEye Ransomware. While the DotZeroCMD Ransomware claims to be a Ransomware-as-a-Service family, it includes no data-locking functionality, and malware experts find no proof that it possesses a traditional RaaS business model or Web infrastructure.

The DotZeroCMD Ransomware is a Windows program of under two hundred kilobytes that uses fake Microsoft copyright data as part of its infiltration disguise. After launching, the DotZeroCMD Ransomware creates a pop-up imitating the CMD or 'DOS prompt' interface of early versions of Windows, which opens with the ASCII skull-and-crossbones logo of the GoldenEye Ransomware campaign. The rest of the warning message consists of instructions for using a built-in decryption feature for the files that the DotZeroCMD Ransomware is supposedly locking.
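A triage check a defender can run against the "fake Microsoft copyright" disguise described above: list executables whose version information claims Microsoft ownership but which carry no valid Authenticode signature from Microsoft. This is an added example, not code from the original article or from the threat's analysts; the scan directory in `$Path` is an assumed default, and the Microsoft-subject match is a heuristic, not a definitive verdict.

```powershell
# Added example: flag PE files that claim Microsoft copyright/company in their
# version info but are not validly signed by Microsoft. $Path is an assumed
# default (user-writable download folder); adjust to the directory under review.
param([string]$Path = "$env:USERPROFILE\Downloads")

Get-ChildItem -Path $Path -Include *.exe -Recurse -File -ErrorAction SilentlyContinue |
  ForEach-Object {
    $vi = $_.VersionInfo
    # Only consider binaries whose metadata asserts a Microsoft origin.
    $claimsMicrosoft = ($vi.LegalCopyright -match 'Microsoft') -or
                       ($vi.CompanyName    -match 'Microsoft')
    if (-not $claimsMicrosoft) { return }

    # A genuine Microsoft binary distributed outside the OS image is normally
    # Authenticode-signed with a Microsoft Corporation certificate.
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    $microsoftSigned = ($sig.Status -eq 'Valid') -and
                       ($sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')

    if (-not $microsoftSigned) {
      [pscustomobject]@{
        Path      = $_.FullName
        SizeKB    = [math]::Round($_.Length / 1KB)   # the article notes a sub-200 KB sample
        Copyright = $vi.LegalCopyright
        Company   = $vi.CompanyName
        SigStatus = $sig.Status                       # NotSigned, HashMismatch, etc.
      }
    }
  } | Format-Table -AutoSize
```

Hits are leads for further analysis rather than verdicts: many binaries under the Windows directory are catalog-signed and report `NotSigned` here, so keep the scan to user-writable locations such as downloads, temp and profile folders.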

However, the DotZeroCMD Ransomware imitates the symptoms of a ransom attack without encrypting or blocking your files. Although its threat actors could add such an attack to a later version of the Trojan, for now, malware experts rate the DotZeroCMD Ransomware as not being a direct danger to your documents, pictures or other media.

Getting the Fake Gold out of Your Eye

The DotZeroCMD Ransomware's payload is of limited scope, but it may block your desktop with its pop-up or obscure the identity of the infection, which superficially resembles a GoldenEye Ransomware attack. The author even uses a Tor-based Web ring for the ransoming process, which enhances the DotZeroCMD Ransomware's resemblance to the real, file-locking Trojan. File-locking Trojans often render your files irretrievable unless the user possesses backups that are defended against non-consensual encryption or deletion.

Targeted e-mail messages and accounting software vulnerabilities are two of the infection vectors responsible for the original distribution of the GoldenEye Ransomware around the world. The authors of the DotZeroCMD Ransomware may or may not imitate these distribution methods, and could also utilize others, such as Web-browsing exploits or a torrent-sharing network. Users should keep their anti-malware products updated to maximize their chances of deleting the DotZeroCMD Ransomware immediately.

Trojans misrepresenting themselves is routine within the file-locker Trojan industry. Although the DotZeroCMD Ransomware isn't capable of destroying your files, most of its competition is more thorough in its ransoming techniques, and users should back up their data rather than hoping for an easily solved infection.
