‘.dragnea File Extension’ Ransomware

The '.dragnea File Extension' Ransomware is a variant of FTSCoder, AKA Stupid Ransomware. This version of the Trojan misrepresents itself as being a new form of the file-deleting Jigsaw Ransomware, although its only notable feature, so far, displays a pop-up ransoming message. Let your anti-malware programs remove the '.dragnea File Extension' Ransomware automatically, like any similar threat, and use free decryption solutions or a backup for getting back any files that the Trojan damages.

A Trojan Gets Stupid in Romania

A threat actor is developing a new version of the Stupid Ransomware software, whose resources have been responsible for such Trojans as the Annabelle Ransomware, the Crypto-Blocker Ransomware, the Eternity Ransomware and the Mr403Forbidden Ransomware. This new, Romanian variant is pretending that it's a separate Trojan kind: the arguably more threatening and inconvenient Jigsaw Ransomware, whose notoriety derives from it deleting additional files with an accompanying countdown. However, for now, the '.dragnea File Extension' Ransomware shows neither any data-deletion features nor any live encryption routines.

The '.dragnea File Extension' Ransomware's disingenuous identity derives from the HTA pop-up it launches as its warning and ransoming instructions. The window shows an image of the ex-politician Liviu Dragnea, which the text also references while instructing the victim on paying for unlocking their file data. Like the real Jigsaw Ransomware, the '.dragnea File Extension' Ransomware includes a timer and a payment field, although both of these options do nothing in the samples available to malware analysts.

A complete release of the '.dragnea File Extension' Ransomware is likely of being in the wild in the coming weeks and may include a working version of the Stupid Ransomware's encryption feature. Users can search for their locked files by looking for the '.dragnea' extension that the Trojan adds, with documents, pictures, and other, personal or work media being at high risk. However, they should be careful of applying an incompatible decryption service for restoring their files; the '.dragnea File Extension' Ransomware's family and the Jigsaw Ransomware use different encryption algorithms, and an incorrect decryptor could corrupt your files beyond any recovery.

Don't Let Your Data Get Dragged Down into Political Squabbles

The '.dragnea File Extension' Ransomware's highly regional specificity is a clear mark of its author being familiar with, and likely a resident of, Romania. While its ransoming message is only in Romanian, this file-locker Trojan's future attacks could encrypt files without any filtering out of non-Romanian PCs (based on, for example, their IP addresses). Malware experts do emphasize decryption services from reputable third parties over paying ransom fees, but the decryption freeware for the Stupid Ransomware has yet to receive an update for the '.dragnea File Extension' Ransomware variant.

Other data preservation solutions that are typically capable of counteracting the effects of file-locker Trojans include copying your work to other devices or a cloud server, along with using robust passwords that block any attempts at brute-force attacks. Malware researchers also are stressing the frequency with which spam e-mails correlate to successful attacks by threats of this category. As a final line of defense, you should use an anti-malware program with ideal detection rates against other versions of this family for removing the '.dragnea File Extension' Ransomware safely.

Most file-locking Trojans use English for the simple reason that it guarantees that they can be understood by as many different victims around the world as possible. With exceptions like the '.dragnea File Extension' Ransomware, the niche language is, likely, for a good reason, such as the author's intentions of attacking his victims by methods that are engineered just for them.