
Dulgtv Ransomware

Posted: November 23, 2020

The Dulgtv Ransomware is a file-locking Trojan that belongs to the Xorist Ransomware family, a freeware Trojan-building project. The Dulgtv Ransomware stops files from opening by encrypting their internal data and appends an extension to their names. Users can restore from backups or with a free decryption solution, but should first remove the Dulgtv Ransomware safely through traditional anti-malware tools.

The Lifeguard that Drowns Its Clients

File-locking Trojans may come from almost anywhere, but some wellsprings last longer than others – like Trojan-generating 'builder' applications. The Dulgtv Ransomware is one of the newer products of the Xorist Ransomware family's program-building tool. Its campaign theme is a little more colorful than its apparently random name might suggest, but well-themed or not, it's another resource for sabotaging files and blocking them in perpetuity.

The Dulgtv Ransomware is a Windows program with a standardized set of features from the Trojan-constructing kit, which requires little to no programming knowledge to use. Like most file-locking Trojans, the Dulgtv Ransomware can block files with encryption (using the XOR or TEA algorithms) and prevent them from opening indefinitely. Because the targeted formats are attacker-configurable, victims may expect the Dulgtv Ransomware to target media such as Word DOCs, Notepad TXTs, JPG pictures, or MP4 music. The Trojan also appends an extension (see its name for the relevant string), but removing that extension doesn't undo the attack's encryption of the file data.

The Dulgtv Ransomware also drops a ransom note in English that carries over the wording of older Ransomware campaigns, including their grammar errors. However, it doesn't use the warnings of fellow Xorist Ransomware members, such as the Bl9c98vcvv Ransomware, the Cryptedx Ransomware, the ZaLtOn Ransomware or the Xorist-TAKA Ransomware. Instead, the Dulgtv Ransomware copies the message of a Snatch Ransomware variant, the Jdokao Ransomware – except for its e-mail addresses. The addresses in the Dulgtv Ransomware campaign use a 'lifeguard' theme for the data restoration, which presents a friendlier tone for negotiations over decryption than most file-locking attacks.

A Vacation Away from Trojan-Swept Shores

There's more than irony in the Dulgtv Ransomware positioning itself as a savior to the victim while also being the cause of the danger to their files. Ideally, victims will have backups on other devices that make any negotiation unnecessary. Malware experts also note that the Dulgtv Ransomware's family is one of a handful with freely downloadable decryption solutions. However, updates might render the Dulgtv Ransomware's campaign immune to that antidote.

Trojans from the Dulgtv Ransomware's family are freely available to threat actors everywhere in the world and are compatible with most versions of Windows. Users can increase their safety while browsing the Web by turning off some features, most notably advertisements, pop-ups, Flash, Java and JavaScript. Secure passwords also are valuable, especially for administrators of networks and servers holding files of any value. Malware experts also point to possible drive-by downloads arriving over e-mail or instant messages, such as fake work documents, invoices, and delivery notices.

Windows PCs protected by reputable anti-malware services also will identify and delete the Dulgtv Ransomware in many cases. Users should submit samples to researchers, when appropriate, and always update their security service's threat database when prompted, so that detection stays accurate.

A lifeguard that pushes victims into the water before saving them for a fee is an outrageous concept, but the Dulgtv Ransomware is a copycat in a long-running fad. The dark Web is rife with threats just like it, all of which are easily blocked by even basic backup techniques, provided that users implement them.
