TheDarkEncryptor Ransomware
Posted: June 9, 2017
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 75 |
| First Seen: | June 9, 2017 |
| OS(es) Affected: | Windows |
TheDarkEncryptor Ransomware is a Trojan that temporarily makes your files unreadable by encrypting them. It extorts money from the victims by selling its decryptor for a cryptocurrency ransom and shows other symptoms imitating the well-known Jigsaw Ransomware. Malware experts recommend having security software to disable or delete TheDarkEncryptor Ransomware, as well as external backups for restoring anything it locks.
When Darkness Washes over Your Desktop
A lone Trojan whose campaign is successful, profitable, or simply well-known often becomes a focal point for threat actors to copy. Many imitations of these threats do include some limited attacks, but not necessarily to the same extent as the 'real thing.' For instance, malware experts are continuing to catch samples of Jigsaw Ransomware imitators like the brand-new TheDarkEncryptor Ransomware.
Just as with the Jigsaw Ransomware that it strives to mimic, TheDarkEncryptor Ransomware uses encryption for profit by blocking files on the computer that it infects. Symptoms the user may see after it completes all of its attack routines include:
- TheDarkEncryptor Ransomware can scan for files to lock on your PC (typically including documents, archives, pictures, or content associated with the Microsoft Office software) and encrypt these files. The encryption prevents other programs from opening them, although malware experts can't confirm TheDarkEncryptor Ransomware's claim that it uses a 'military-grade' cipher.
- The 'tdelf' extension that TheDarkEncryptor Ransomware adds to the filenames of the above media helps the victim ascertain the extent of the data loss without overwriting the original names.
- TheDarkEncryptor Ransomware creates a Notepad TXT file on the user's desktop, carrying the majority of the details for its ransoming instructions. The threat actor asks for Bitcoins, paid within a time limit, to unlock your files.
- The Trojan's last symptom is a desktop image-hijacking feature that replaces any background with TheDarkEncryptor Ransomware's modified version of the Jigsaw Ransomware screen. While TheDarkEncryptor Ransomware doesn't pretend to be a remake of that threat, it does format its warning image as a facsimile, and, like the Jigsaw Ransomware, threatens negative consequences for not paying on time.
Bringing Light Back to Your PC without Expenses
Based on current evidence, malware researchers are classifying TheDarkEncryptor Ransomware as an unrelated imitation of the Jigsaw Ransomware, rather than a relative or variant. The difference is meaningful for anyone trying to unlock their files, since the Jigsaw Ransomware is infamous for being capable of deleting files under various conditions, including whenever the computer restarts. If you do have any concerns about triggering similar, automated attacks from file-encrypting Trojans, you should reboot your PC through a peripheral device or use Safe Mode for disabling lesser threats like TheDarkEncryptor Ransomware.
TheDarkEncryptor Ransomware's threat actor, Carlv, has yet to deploy this Trojan widely to the public. Con artists using encryption-based extortion attacks often get access to their victims' files by brute-forcing bad passwords, delivering threats over e-mail messages, or compromising Web traffic through exploit kits. Good user safety habits, careful Web-browsing settings, and appropriate security software all are necessary components for blocking these infection methods. Although only a relatively small number of anti-malware programs delete TheDarkEncryptor Ransomware as a threat currently, updating their databases can improve their detection chances.
TheDarkEncryptor Ransomware is a less advanced and invasive Trojan than the Jigsaw Ransomware campaign's namesake. Sadly, 'less threatening' for a Trojan still equates to a program that's perfectly capable of damaging your files in perpetuity.
Technical Details
File System Modifications
The following files were created in the system:
file.exe
File name: file.exe
Size: 1.06 MB (1068032 bytes)
MD5: 2247240f7b7f2885a9cb21efe1c25a44
Detection count: 61
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 13, 2017
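An added triage example (not from the original page or any vendor tool): it inventories files carrying the 'tdelf' extension described in the symptom list and flags any file matching the size and MD5 listed above. It assumes the extension is appended as a final `.tdelf` suffix; the names `triage` and `md5_of` and their parameters are hypothetical.

```python
import hashlib
import os
from collections import Counter

LOCKED_EXT = ".tdelf"                            # extension named on this page
KNOWN_MD5 = "2247240f7b7f2885a9cb21efe1c25a44"   # MD5 listed on this page
KNOWN_SIZE = 1068032                             # size in bytes listed on this page


def md5_of(path, chunk=1 << 20):
    """Stream a file through MD5 so large files are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root, known_md5=KNOWN_MD5, known_size=KNOWN_SIZE):
    """Return (locked, per_dir, hash_hits) for the tree under root.

    locked holds (encrypted_path, presumed_original_name) pairs, per_dir
    counts locked files per directory, hash_hits lists MD5 matches.
    """
    locked, per_dir, hash_hits = [], Counter(), []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if name.lower().endswith(LOCKED_EXT):
                # Assumption: the extension is appended, so stripping it
                # yields the original file name for matching against backups.
                locked.append((path, name[: -len(LOCKED_EXT)]))
                per_dir[folder] += 1
                continue
            try:
                # Size prefilter: only files of the listed size can match,
                # so the rest of the tree is never hashed.
                if os.path.getsize(path) == known_size and md5_of(path) == known_md5:
                    hash_hits.append(path)
            except OSError:
                continue  # unreadable or vanished file: skip, keep scanning
    return locked, per_dir, hash_hits


if __name__ == "__main__":
    import sys
    found, counts, hits = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for folder, n in counts.most_common():
        print(f"{n:6d} locked file(s) in {folder}")
    for hit in hits:
        print(f"MD5 match: {hit}")
```

The per-directory counts show where the encryption reached, and the recovered original names can be compared against a backup listing before restoring.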