
TheDarkEncryptor Ransomware

Posted: June 9, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 75
First Seen: June 9, 2017
OS(es) Affected: Windows

TheDarkEncryptor Ransomware is a Trojan that makes your files temporarily unreadable by encrypting them. It extorts money from the victims by selling its decryptor for a cryptocurrency ransom and shows other symptoms imitating the well-known Jigsaw Ransomware. Malware experts recommend having security software to disable or delete TheDarkEncryptor Ransomware, as well as external backups for restoring anything it locks.

When Darkness Washes over Your Desktop

A lone Trojan whose campaign is successful, profitable, or simply well-known often becomes a focal point for threat actors to copy. Many imitations of these threats do include some limited attacks, though not necessarily to the same extent as the 'real thing.' For instance, malware experts continue to catch samples of Jigsaw Ransomware imitators like the brand-new TheDarkEncryptor Ransomware.

Just as with the Jigsaw Ransomware that it strives to mimic, TheDarkEncryptor Ransomware uses encryption for profit by blocking files on the computer that it infects. Symptoms the user may see after it completes all of its attack routines include:

  • TheDarkEncryptor Ransomware can scan for files to lock on your PC (typically including documents, archives, pictures, or content associated with the Microsoft Office software) and encrypt these files. The encryption prevents other programs from opening them, although malware experts can't confirm TheDarkEncryptor Ransomware's claim that the Trojan uses a 'military-grade' cipher.
  • The 'tdelf' extension that TheDarkEncryptor Ransomware adds to the filenames of the above media helps the victim ascertain the extent of the data loss without overwriting the original names.
  • TheDarkEncryptor Ransomware creates a Notepad TXT file on the user's desktop, carrying the majority of the details for its ransoming instructions. The threat actor asks for Bitcoins, paid within a time limit, to unlock your files.
  • The Trojan's last symptom is a desktop image-hijacking feature that replaces any background with TheDarkEncryptor Ransomware's modified version of the Jigsaw Ransomware screen. While TheDarkEncryptor Ransomware doesn't pretend to be a remake of that threat, it does format its warning image as a facsimile, and, like the Jigsaw Ransomware, threatens negative consequences for not paying on time.

Bringing Light Back to Your PC without Expenses

Based on current evidence, malware researchers are classifying TheDarkEncryptor Ransomware as an unrelated imitation of the Jigsaw Ransomware, rather than a relative or variant. The difference is meaningful for anyone trying to unlock their files, since the Jigsaw Ransomware is infamous for being capable of deleting files under various conditions, including whenever the computer restarts. If you do have any concerns about triggering similar, automated attacks from file-encrypting Trojans, you should reboot your PC through a peripheral device or use Safe Mode for disabling lesser threats like TheDarkEncryptor Ransomware.

TheDarkEncryptor Ransomware's threat actor, Carlv, has yet to deploy this Trojan widely to the public. Con artists using encryption-based extortion attacks often get access to their victims' files by brute-forcing bad passwords, delivering threats over e-mail messages, or compromising Web traffic through exploit kits. Good user safety habits, careful Web-browsing settings, and appropriate security software are all necessary components for blocking these infection methods. Although only a relatively small number of anti-malware programs currently delete TheDarkEncryptor Ransomware as a threat, updating their databases can improve their detection chances.

TheDarkEncryptor Ransomware is a less advanced and invasive Trojan than the Jigsaw Ransomware campaign's namesake. Sadly, 'less threatening' for a Trojan still equates to a program that's perfectly capable of damaging your files in perpetuity.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: file.exe
Size: 1.06 MB (1068032 bytes)
MD5: 2247240f7b7f2885a9cb21efe1c25a44
Detection count: 61
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 13, 2017
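
The following Python script is an added example, not part of the original write-up or of any vendor tool. It walks a directory tree, lists files carrying the 'tdelf' extension described above along with their original names, and flags any file whose size and MD5 match the file.exe entry listed above. It assumes the extension is appended after the original name (for example report.docx.tdelf, a constructed name); the function and parameter names are hypothetical.

```python
import hashlib
import os
import sys
from collections import Counter

LOCKED_SUFFIX = ".tdelf"                        # extension named on this page
KNOWN_MD5 = "2247240f7b7f2885a9cb21efe1c25a44"  # file.exe, from Technical Details
KNOWN_SIZE = 1068032                            # bytes, from Technical Details


def md5_of(path, chunk=1 << 20):
    """Stream a file through MD5 so large files are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root, known_md5=KNOWN_MD5, known_size=KNOWN_SIZE):
    """Return (locked, by_type, suspects) for the tree under root."""
    locked, by_type, suspects = [], Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(LOCKED_SUFFIX):
                # Assumption: the suffix is appended, so stripping it gives the original name.
                original = name[: -len(LOCKED_SUFFIX)]
                locked.append((path, original))
                by_type[os.path.splitext(original)[1].lower() or "(none)"] += 1
                continue
            try:
                # Cheap size check first; hash only files of the listed size.
                if os.path.getsize(path) == known_size and md5_of(path) == known_md5:
                    suspects.append(path)
            except OSError:
                continue  # unreadable or vanished file: skip it
    return locked, by_type, suspects


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    locked, by_type, suspects = triage(root)
    print(f"{len(locked)} locked file(s) under {root}")
    for ext, count in by_type.most_common():
        print(f"  {ext}: {count}")
    for path in suspects:
        print(f"matches listed file.exe hash: {path}")
```

The per-type counts show which kinds of files need restoring from backup; a hash match only identifies the one sample listed on this page, so an empty result does not mean the system is clean.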