Dviide Ransomware
Posted: June 6, 2017
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 26 |
| First Seen: | June 6, 2017 |
| Last Seen: | March 1, 2023 |
| OS(es) Affected: | Windows |
The Dviide Ransomware is a file-encoding Trojan that can lock documents and other media by encrypting them. Symptoms of a Dviide Ransomware infection usually include Windows pop-ups asking you to visit the Trojan's website, through which the threat actor can ask for money to help you unlock the files. Almost any anti-malware product should detect and remove the Dviide Ransomware as a threat, and backups can keep its options for causing data loss to a minimum.
Trojans Widening the Divide Between You and the Contents of Your PC
With all the noise of new activity using old versions of threatening software, such as the Jigsaw Ransomware, PC owners shouldn't forget that Trojan authors can also create new threats with little time or effort. The Dviide Ransomware campaign is one of the newest in a series of file-encrypting attacks that malware analysts can't connect back to an older family of well-established threats. Its payload uses the standard threats of blocking you off from your digital content to force you into following its suggestions, most likely leading to financial extortion.
The Dviide Ransomware uses encryption to damage your files, with its scans targeting data including documents (such as DOC or PDF), pictures (JPG, BMP), or archives (ZIP, RAR). Every file the Trojan enciphers successfully also has the '.dviide' extension appended to its name, with no other filename edits that malware experts can determine. The attack keeps other applications from opening these files until they're decoded with a decryptor using the custom key.
When it blocks everything fitting its format and location parameters, the Dviide Ransomware launches a pop-up, which is the only visual symptom its payload appears to include. This message box displays the Dviide Ransomware's built-in decryption module, a 'reset' button, a 'prove decryption' button that most likely provides a limited demonstration, and requests from the Trojan's threat actor to navigate to his website. These sites usually ask for Bitcoins or other currency exchanges to profit from 'selling' the decryption key to the files that the Trojan is blocking.
Turning Digital Division into Unity
Although the Dviide Ransomware's unassuming ransom note may seem innocent in comparison to ones that lie or use fear-based social manipulation, it could endanger a victim following its advice. Malware experts recommend against visiting a website promoted by threatening software, which is highly likely to contain content that could further compromise your PC's security, such as exploit kits. Additionally, many file-encrypting Trojans are decryptable with the free tools created by the anti-malware industry.
The new Dviide Ransomware campaign is using infection methods that malware experts have yet to verify in full. File-encrypting threats are known for using e-mail spam, corrupted document macros, HTML scripts, software bundles, and brute-forced breaches of servers as ways of gaining access to files worth locking. In addition to protecting your computer with anti-malware products that could delete the Dviide Ransomware, scheduling backups can give you the easiest recovery solution possible.
The Dviide Ransomware and Trojans similar to it make money from the lax security habits of PC users. The sooner you act to keep your files safe, the sooner malware researchers expect to see precipitous declines in the numbers of attacks like this Trojan's campaign.
Technical Details
File System Modifications
The following files were created in the system:
file.exe
File name: file.exe
Size: 210.43 KB (210432 bytes)
MD5: 98031e88906a9f1dbe37b90f445eecc9
Detection count: 75
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
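A triage sketch built on the two indicators this page gives: the appended '.dviide' extension and the size and MD5 listed for file.exe. This is an added example, not part of the original article; the function names and the directory tree created in demo() are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Indicators taken from this page; everything else here is constructed.
LOCKED_SUFFIX = ".dviide"
KNOWN_MD5 = "98031e88906a9f1dbe37b90f445eecc9"
KNOWN_SIZE = 210432  # bytes, as listed for file.exe


def md5_of(path, chunk=1 << 20):
    digest = hashlib.md5()
    with open(path, "rb") as fh:  # read in chunks to bound memory use
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root):
    """Return (locked, droppers): encrypted files with their original names,
    and files whose size and MD5 match the sample listed on this page."""
    locked, droppers = [], []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            if name.lower().endswith(LOCKED_SUFFIX) and len(name) > len(LOCKED_SUFFIX):
                # The extension is appended, so stripping it gives the old name.
                locked.append((path, name[: -len(LOCKED_SUFFIX)]))
                continue
            try:
                # Size check first: avoids hashing every file on the volume.
                if os.path.getsize(path) == KNOWN_SIZE and md5_of(path) == KNOWN_MD5:
                    droppers.append(path)
            except OSError:
                continue  # unreadable or vanished file; skip it
    return sorted(locked), sorted(droppers)


def demo():
    # Constructed sample tree: two "locked" files and one untouched file.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Documents"))
        for name in ("report.pdf.dviide", "photo.JPG.DVIIDE", "notes.txt"):
            with open(os.path.join(root, "Documents", name), "wb") as fh:
                fh.write(b"constructed sample data")
        locked, droppers = triage(root)
        return [orig for _path, orig in locked], droppers
```

The list of original names shows which backups to restore; an MD5 match covers only the one sample listed here, so an empty dropper list does not rule out other builds.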