Dusk Ransomware

Posted: November 12, 2020

The Dusk Ransomware is a file-locking Trojan that can block media files on Windows PCs. The Dusk Ransomware uses a currently-secure version of RSA encryption for this attack, keeping documents, pictures, and similar content from opening indefinitely. All users should have backups for protecting their work and let dedicated security solutions remove the Dusk Ransomware as appropriate.

Nighttime Falls Upon Slumbering Files

Those left sleeping on security for their PCs have another problem worth contending with through backups: the Dusk Ransomware's small Trojan family. This threat, which currently also encompasses a variant, the DUSK 2 Ransomware, resembles the bare-bones Ransomware-as-a-Service of past years but isn't part of well-known entities on the dark Web like the Crysis Ransomware. The results of infections are also similar: blocked access to most files of value.

Differences between the two versions of the Dusk Ransomware boil down to minor changes in ransom notes and extensions, the latter of which mark which files the Trojan is locking. The Dusk Ransomware uses RSA encryption (estimated as secure from third-party intervention) for the locking procedure and attacks documents, pictures, and other digital media in multiple locations.

The ransom transaction for the threat actor's recovery help also is mildly noteworthy. The attacker asks for just fifty USD in Bitcoins in the original version, with a trivial price hike up to eighty USD in the DUSK 2 Ransomware. Fortunately, the initial campaign is unsuccessful in collecting ransoms, as its wallet has no transaction history or funds. Victims should do their best to keep that state of affairs intact by using alternative recovery options like a remote backup for their files.

A Torch in the Darkness of Trojan Invasions

Some other symptoms of the Dusk Ransomware infections may include changes to the user's wallpaper (usually to display another warning message related to the ransom), deleted backups, or the auto-termination of processes associated with media management programs. While the Dusk Ransomware's ransom is inappropriate for larger companies, the threat can block files on most Windows systems without concern for the overall context of the work environment. Home users also are at risk and should have backups on other devices.

For both the Dusk Ransomware and DUSK 2 Ransomware, Windows users will have to rely on good overall security practices for containing these threats. Trojans of this type may circulate through infection methods that include, but aren't limited to:

  • Downloads over e-mail or text messages may pretend to be workplace documents, Coronavirus guidelines, or package delivery notices. Most drive-by-downloads in these cases occur through macros (which the user must enable) or vulnerabilities in out-of-date software.
  • JavaScript, Java, and Flash are also abusable means of downloading files onto the user's PC while browsing the Web. When in doubt, users can turn these features off or blacklist untrustworthy domains.
  • Some file-locker Trojans, most notably variants of the STOP Ransomware's Ransomware-as-a-Service, use illicit product-themed disguises, such as game cheating tools or software license-cracking torrents.
  • The use of unsafe passwords invites attackers to compromise a target, often as a 'random' attack of opportunity.

Counters to this threat should accommodate defenses for all of the above risks and store data safely elsewhere. Thankfully, most Windows anti-malware programs experience no trouble with flagging or deleting the Dusk Ransomware.

Although the first version of the Dusk Ransomware has come and gone, new releases like DUSK 2 Ransomware are out in the wild, too. Whether it's a fresh, young update, or an out-of-date release, a Trojan with RSA encryption isn't an inconsequential opponent for anyone's unprotected files.
