
Dragon Ransomware

Posted: August 19, 2019

The Dragon Ransomware is a file-locking Trojan and a variant of the Aurora Ransomware. This threat encrypts media on your computer and holds it for ransom, offering to sell its decryptor through a text ransom message. Users should recover with freeware decryption services or their backups after removing the Dragon Ransomware through appropriate anti-malware solutions.

Into the Jaws of a Dragon that's Friendly to China

Perhaps it shouldn't surprise anyone that a dragon-themed, file-locking Trojan takes a favorable view of residents of a nation with dragon mythology. The Dragon Ransomware, a young offshoot of the Aurora Ransomware, is just one of a handful of branches that use this threat's encryption techniques for extortion. Its relatives include the AnimusLocker Ransomware, the Desu Ransomware, the CryptoID Ransomware and the Isolated Ransomware. However, unlike them, the Dragon Ransomware geo-filters its victims.

The Dragon Ransomware detects the system's IP address and uses that information to estimate the country. If the IP address matches China, Hong Kong, or Taiwan, the payload aborts. In other cases, the Dragon Ransomware continues running and launches a DES encryption attack against pictures, spreadsheets, documents, and the rest of the victim's digital media. Like other Aurora Ransomware variants, the Dragon Ransomware is a threat to Windows systems.

The Dragon Ransomware adds a 'locked' extension to the files that it blocks, which is a symptom that users can also see in Trojan families besides this one. The ransom note, a TXT file, is somewhat unique and uses a template that falsely describes the attack as using RSA-2048. It also asks for a ransom of 0.3 Bitcoins, which malware experts always recommend against paying, particularly since the Dragon Ransomware is decryptable by freeware.
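For scoping an infection, this added example (not from the original article or any vendor tool) walks a folder for files carrying the 'locked' extension and checks whether each file's leading bytes still match its original type. It assumes the extension is appended to the original name (for example `report.docx.locked`); `classify`, `scan` and `build_sample_tree` are hypothetical names, and the sample files are constructed.

```python
import os
import tempfile

LOCKED_SUFFIX = ".locked"  # assumption: appended to the original file name
# Leading magic bytes for common document and picture formats.
MAGIC = {
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n", ".pdf": b"%PDF",
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0", ".xls": b"\xd0\xcf\x11\xe0",
}

def classify(path):
    """Compare the file's first bytes with the magic of its pre-lock extension."""
    original = path[: -len(LOCKED_SUFFIX)]
    expected = MAGIC.get(os.path.splitext(original)[1].lower())
    if expected is None:
        return "unknown_type"  # no signature to compare against
    try:
        with open(path, "rb") as fh:
            head = fh.read(len(expected))
    except OSError:
        return "unreadable"
    return "header_intact" if head == expected else "header_overwritten"

def scan(root):
    """Group every file under root that carries the locked suffix by verdict."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(LOCKED_SUFFIX):
                path = os.path.join(dirpath, name)
                report.setdefault(classify(path), []).append(path)
    return report

def build_sample_tree(root):
    """Constructed sample data: three suffixed files and one untouched file."""
    samples = {
        "budget.xlsx.locked": b"\x13\x9a\x55\xe0" + b"\x00" * 64,  # header gone
        "scan.pdf.locked": b"%PDF-1.4\n",                           # only renamed
        "notes.dat.locked": b"\x01\x02\x03",                        # no known magic
        "photo.jpg": b"\xff\xd8\xff\xe0",                           # not suffixed
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for verdict, paths in sorted(scan(tmp).items()):
            print(verdict, [os.path.basename(p) for p in paths])
```

A `header_overwritten` verdict is consistent with encryption but does not identify the family, since other Trojans use the same extension.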

Canceling a Mythological Predator's Hunt for Files

Users shouldn't gamble on decryption solutions being as available as they are in the Dragon Ransomware's case; more often, file-locking Trojans use secure cryptography and have a 'perfect defense' against unlockers. Media of any personal or monetary value should be kept on at least one non-local backup, such as a suitable cloud service. This data redundancy keeps the Dragon Ransomware from ever establishing a potential extortion situation, regardless of what it does to your computer's contents.

File-locking Trojans use a diverse range of infection strategies for their distribution. Torrents, Exploit Kits, fake software updates, and e-mail attachments usually involve the user downloading a corrupted file and opening it. However, some attacks may use brute-force methods that drop threats like the Dragon Ransomware without needing any help other than a weak password.

Professional anti-malware products for Windows computers should uninstall the Dragon Ransomware, or detect the threat and stop its installation.

The Dragon Ransomware's avoidance of Chinese residents implies that the threat actor using it is in the same area. Unfortunately, with a population of over a billion, the chances of the authorities finding the Dragon Ransomware's author aren't very good.
