
Mr.Dec Ransomware

Posted: May 21, 2018

The Mr.Dec Ransomware is a file-locking Trojan that encrypts your media and creates screen-blocking pop-ups promoting its premium decryption service. There is always a risk of criminals not honoring these agreements or providing a faulty decryptor, and users should restore their work from a backup or use free decryption software when either one is available. Having an anti-malware product remove the Mr.Dec Ransomware is the most dependable way of preventing any further, unwanted encryption of your files.

Criminals Telling You to Hurry Towards Their Hoax

Time pressure against the victims of data-ransoming crimes remains a significant aspect of file-locking Trojans' campaigns. Although this tactic is infamous thanks particularly to the Jigsaw Ransomware attacks, which could delete files regularly, malware analysts are also finding new, apparently unrelated threats showing similar methodology. These Trojans include the Mr.Dec Ransomware, which bears some resemblance to Ransomware-as-a-Service projects like the Crysis Ransomware and the Globe Ransomware but has no verified lineage.

Despite a short supply of samples, malware experts suspect that the Mr.Dec Ransomware is already in distribution against live targets in the wild. The Trojan uses AES or similar encryption methods for 'locking' the files of infected computers, which can include text documents, pictures, databases, archives, and other content, particularly data related to Microsoft's Office suite. After completing this task, the Mr.Dec Ransomware launches an advanced HTML pop-up.

This splash window may block the desktop and include a largely English set of instructions for contacting the Trojan's admin and buying a decryption tool. Identifiable characteristics of the note that malware experts have observed include a minor Russian-language prompt and an active countdown, after which the criminal supposedly destroys his half of the decryption key for any victims who refuse to pay quickly.

Getting the Mister Decrypt Tactic out of Your Screen Space

The Mr.Dec Ransomware uses a 'client' tracking system that's similar to that of the RSAUtil Ransomware family, the Donald Trampo Ransomware, the Globe Imposter Ransomware's many variants, and other Trojans with file-locking features. Malware experts also determined that most of the content of the Mr.Dec Ransomware's ransoming message is from other campaigns that may or may not have any significant relationship with this Trojan. Victims can expect infection methods for the Mr.Dec Ransomware's campaign to consist of e-mail attachments, brute-force attacks against networks with below-par password security, and exploit kits (threats that load inside your browser and use passive software vulnerabilities to install unwanted software).

The damage from any file-locking Trojan's payload can be mitigated with nothing more than a non-local, secure backup that lets the user recover their work without needing any decryption services. Some members of the cybersecurity community also provide decryption assistance, although malware experts can't yet confirm whether the Mr.Dec Ransomware's encryption method is breakable. A standard anti-malware application can also block the Mr.Dec Ransomware or remove the Trojan from an infected PC.

The Mr.Dec Ransomware's campaign is more likely than not to target Russian citizens. However, data-locking attacks are a problem for the entire world, and one of many reasons for keeping copies of what's important to you in safekeeping.
