‘.dragnea File Extension’ Ransomware

Posted: August 1, 2018

‘.dragnea File Extension’ Ransomware Description

The '.dragnea File Extension' Ransomware is a variant of FTSCoder, AKA Stupid Ransomware. This version of the Trojan misrepresents itself as being a new form of the file-deleting Jigsaw Ransomware, although its only notable feature, so far, displays a pop-up ransoming message. Let your anti-malware programs remove the '.dragnea File Extension' Ransomware automatically, like any similar threat, and use free decryption solutions or a backup for getting back any files that the Trojan damages.

A Trojan Gets Stupid in Romania

A threat actor is developing a new version of the Stupid Ransomware software, whose resources have been responsible for such Trojans as the Annabelle Ransomware, the Crypto-Blocker Ransomware, the Eternity Ransomware and the Mr403Forbidden Ransomware. This new, Romanian variant is pretending that it's a separate Trojan kind: the arguably more threatening and inconvenient Jigsaw Ransomware, whose notoriety derives from it deleting additional files with an accompanying countdown. However, for now, the '.dragnea File Extension' Ransomware shows neither any data-deletion features nor any live encryption routines.

The '.dragnea File Extension' Ransomware's disingenuous identity derives from the HTA pop-up it launches as its warning and ransoming instructions. The window shows an image of the ex-politician Liviu Dragnea, which the text also references while instructing the victim on paying for unlocking their file data. Like the real Jigsaw Ransomware, the '.dragnea File Extension' Ransomware includes a timer and a payment field, although both of these options do nothing in the samples available to malware analysts.

A complete release of the '.dragnea File Extension' Ransomware is likely of being in the wild in the coming weeks and may include a working version of the Stupid Ransomware's encryption feature. Users can search for their locked files by looking for the '.dragnea' extension that the Trojan adds, with documents, pictures, and other, personal or work media being at high risk. However, they should be careful of applying an incompatible decryption service for restoring their files; the '.dragnea File Extension' Ransomware's family and the Jigsaw Ransomware use different encryption algorithms, and an incorrect decryptor could corrupt your files beyond any recovery.

Don't Let Your Data Get Dragged Down into Political Squabbles

The '.dragnea File Extension' Ransomware's highly regional specificity is a clear mark of its author being familiar with, and likely a resident of, Romania. While its ransoming message is only in Romanian, this file-locker Trojan's future attacks could encrypt files without any filtering out of non-Romanian PCs (based on, for example, their IP addresses). Malware experts do emphasize decryption services from reputable third parties over paying ransom fees, but the decryption freeware for the Stupid Ransomware has yet to receive an update for the '.dragnea File Extension' Ransomware variant.

Other data preservation solutions that are typically capable of counteracting the effects of file-locker Trojans include copying your work to other devices or a cloud server, along with using robust passwords that block any attempts at brute-force attacks. Malware researchers also are stressing the frequency with which spam e-mails correlate to successful attacks by threats of this category. As a final line of defense, you should use an anti-malware program with ideal detection rates against other versions of this family for removing the '.dragnea File Extension' Ransomware safely.

Most file-locking Trojans use English for the simple reason that it guarantees that they can be understood by as many different victims around the world as possible. With exceptions like the '.dragnea File Extension' Ransomware, the niche language is, likely, for a good reason, such as the author's intentions of attacking his victims by methods that are engineered just for them.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to ‘.dragnea File Extension’ Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Ransomware ‘.dragnea File Extension’ Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.