
DUSK 2 Ransomware

Posted: November 11, 2020

The DUSK 2 Ransomware is a file-locking Trojan that updates the earlier Dusk Ransomware. Apart from renamed features, it is largely identical to its predecessor, including blocking media files with RSA encryption. Users should let their anti-malware services remove the DUSK 2 Ransomware upon detection and keep backups on other devices for recovering any locked files.

Small Updates for Not-So-Small Data Problems

The Dusk Ransomware, first seen by malware experts in the fall of 2020, already has a notable update in circulation. As with the previous edition, there are no firm clues about how the DUSK 2 Ransomware's campaign distributes the Trojan, but its goals and methods are unchanged: it encrypts media on Windows systems, holds it for ransom and extorts Bitcoins from victims who have no backups to fall back on.

The DUSK 2 Ransomware targets Windows environments with an RSA encryption routine that blocks multiple formats, including Word DOC documents, INI configuration files, Notepad TXT files, JPG pictures and others. It appends a minor variant of Dusk Ransomware's old extension to each locked file, now written in all caps ('DUSK'). Malware experts rate its encryption as secure for the time being, although future analysis of samples may change this conclusion.

The DUSK 2 Ransomware is also one of the minority of file-locker Trojans that drops multiple copies of its ransom note in different locations, for example both at the root of each drive and in media folders such as My Documents. The threat actor has updated the instructions from the previous edition but retains the Bitcoin ransom. The Trojan also hijacks the desktop, though the only purpose of that function is to display a notice pointing victims to the new 'README' file.
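The two on-disk artifacts described above, the all-caps '.DUSK' extension and the ransom-note copies scattered across drive roots and media folders, are what an incident responder would sweep a disk image or mounted profile for. The script below is an added example, not code from the original article or from the malware's author: it walks a directory tree, separates DUSK 2's all-caps extension from the lowercase form the page implies the first Dusk used (an assumption, since the original extension is not spelled out here), tallies how many distinct folders received a note, and reports which of the named formats (DOC, INI, TXT, JPG) were hit. The note filename is not given on the page either, so matching names that begin with README is also an assumption. The sample tree it scans is constructed in a temporary directory.

```python
"""Triage sweep for DUSK 2 / Dusk artifacts (added example, not the article's or the malware's code)."""
import os
import tempfile
from collections import Counter

NEW_EXT = ".DUSK"          # DUSK 2: all-caps extension, as described in the article
OLD_EXT = ".dusk"          # assumption: lowercase form of the original Dusk extension
NOTE_PREFIX = "README"     # assumption: the article only says the note is a 'README' file
TARGETED = {".doc", ".ini", ".txt", ".jpg"}   # formats named in the write-up


def scan_tree(root):
    """Walk `root` and collect locked files, note copies and per-folder counts.

    Extension matching is deliberately case-sensitive: according to the write-up,
    the capitalisation is the only visible change between Dusk and DUSK 2.
    """
    result = {"dusk2": [], "dusk1": [], "notes": [], "note_dirs": set(), "by_dir": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.endswith(NEW_EXT):
                result["dusk2"].append(path)
                result["by_dir"][dirpath] += 1
            elif name.endswith(OLD_EXT):
                result["dusk1"].append(path)
                result["by_dir"][dirpath] += 1
            elif name.upper().startswith(NOTE_PREFIX):
                result["notes"].append(path)
                result["note_dirs"].add(dirpath)
    return result


def original_name(locked_path):
    """Recover the pre-encryption filename by stripping the appended extension."""
    base = os.path.basename(locked_path)
    for ext in (NEW_EXT, OLD_EXT):
        if base.endswith(ext):
            return base[: -len(ext)]
    return base


def targeted_types(locked_paths):
    """Count hits per format, judged by the inner extension left under the appended one."""
    counts = Counter()
    for p in locked_paths:
        inner = os.path.splitext(original_name(p))[1].lower()
        if inner in TARGETED:
            counts[inner] += 1
    return counts


def triage(root):
    """Summary tuple: (#DUSK 2 files, #Dusk files, #note copies, #distinct folders holding a note)."""
    r = scan_tree(root)
    return len(r["dusk2"]), len(r["dusk1"]), len(r["notes"]), len(r["note_dirs"])


def build_sample_tree(root):
    """Constructed sample data: a small profile laid out the way the article describes
    an infected machine, with a note at the 'drive root' and in each media folder."""
    layout = {
        "": ["README.txt"],                               # drive-root copy of the note
        "Documents": ["report.doc.DUSK", "notes.txt.DUSK", "README.txt"],
        "Pictures": ["cat.jpg.DUSK", "README.txt"],
        "Windows": ["win.ini.DUSK", "desktop.ini"],       # one locked INI next to an untouched one
        "old": ["legacy.txt.dusk"],                        # lowercase: attributed to the first Dusk
    }
    for sub, names in layout.items():
        d = os.path.join(root, sub)
        os.makedirs(d, exist_ok=True)
        for n in names:
            with open(os.path.join(d, n), "wb") as f:
                f.write(b"placeholder")
    return root


def demo():
    """Build the constructed sample in a temp dir and return (triage summary, per-format hits)."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        summary = triage(tmp)
        hits = dict(targeted_types(scan_tree(tmp)["dusk2"]))
    return summary, hits


if __name__ == "__main__":
    print(demo())   # ((4, 1, 3, 3), {'.doc': 1, '.txt': 1, '.jpg': 1, '.ini': 1})
```

Run it against a mounted image or a user profile instead of the temporary sample by calling `triage(path)`; a note count well above one and several distinct note folders is the duplicate-note behaviour the article describes, and the split between the two extension cases tells you which edition you are looking at.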

Bringing Some Daylight to a DUSK 2 Ransomware Attack

Because a DUSK 2 Ransomware attack locks most media formats in multiple locations on the infected PC, a comprehensive backup to fall back on is essential. Paying the threat actor's ransom may or may not result in recovery, and malware researchers recommend exhausting every other option first. Although the DUSK 2 Ransomware's note refers to 'military-grade' encryption, that text is copied from earlier messages and may be inaccurate or misleading.

Users with backups on other devices, such as a cloud service or a removable drive, have the best chance of limiting the damage from a DUSK 2 Ransomware attack. Infections may arrive through e-mail phishing lures (such as fake document attachments carrying malicious macros), torrents of illegal content such as game-cheating tools, or fraudulent software updates. Safe Web-browsing and password-management habits will close off most of the angles of attack the threat actor might abuse.

Although decrypting files locked by the DUSK 2 Ransomware remains a puzzle that may never be solved, most PC security products can delete the DUSK 2 Ransomware, like similar Trojans.

The DUSK 2 Ransomware's changes to file names and warning messages aren't technically impressive, but the fact that its author isn't abandoning the project is notable. From Dusk Ransomware to the DUSK 2 Ransomware, there's no telling what else this diminutive Trojan family has in store.
