Decrypme Ransomware

Ransomware threats are every user's nightmare. This nasty malware will make sure to lock all your data as soon as it infiltrates your system. Then, data-locking Trojans attempt to blackmail users into paying them money if they want to reverse the damage done to their files. One of the most recently spotted file-encrypting Trojans is the Decrypme Ransomware. Upon studying this threat, malware researchers concluded that it likely belongs to the MedusaLocker Ransomware family.

Propagation and Encryption

The propagation method used in the distribution of the Decrypme Ransomware has not yet been uncovered. Authors of ransomware threats tend to utilize spam emails as a means to propagate their malware. The emails often consist of a misleading message, which attempts to convince the user to launch the attached file. This attachment would contain the unsafe code of the threat, which intends to infiltrate the target's system. However, the authors of the Decrypme Ransomware may have used other propagation methods, such as bogus software updates and torrent trackers, to spread their Trojan.

The Decrypme Ransomware will run a scan on the infiltrated computer to determine the locations of the files it deems of interest. Then, the encryption process is triggered, and the Decrypme Ransomware will lock all the targeted data. Upon locking the files, the Decrypme Ransomware appends an additional extension to their names, '.decrypme'. This means that a file that you had initially called 'golden-sand.jpeg' will be renamed to 'golden-sand.jpeg.decrypme' after the Decrypme Ransomware completes its encryption process.

The Ransom Note

Next, a ransom note will be dropped on the user's desktop. The name of the note is 'HOW_TO_OPEN_FILES.html'. The note starts off with 'ATTENTION!' and the attackers go on to explain to the victims what has happened to their files. They state that all the data on the compromised system has been locked, and the user will need a unique decryption key to unlock it. To prove to the user that they have this decryption key, they offer to unlock one file free of charge, provided that it does not contain any valuable information. The ransom fee is $980, but the attackers claim that all users who get in touch with them within 72 hours will only have to pay half the price, meaning $490. The attackers have provided two email addresses as a means of communication: 'decoder83540@protonmail.com' and 'decoder83540@cock.li'.

It is best to avoid communicating with cybercriminals as, understandably, they are not very trustworthy individuals. Even if you pay the ransom fee demanded, they will likely never send you the decryption key they promise. This is why it is far safer to use the help of a legitimate anti-virus application to remove the Decrypme Ransomware from your computer for good.
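When scoping an infection, the two file-system indicators described above (the appended '.decrypme' extension and the 'HOW_TO_OPEN_FILES.html' note) can be searched for directly. The Python script below is an added example, not part of the original article or of any vendor tool; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".decrypme"          # extension named in the article
RANSOM_NOTE = "HOW_TO_OPEN_FILES.html"  # note filename named in the article


def triage(root):
    """Walk root and collect files matching the two indicators above."""
    encrypted, notes, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()  # Windows file names are case-insensitive
            if lower == RANSOM_NOTE.lower():
                notes.append(path)
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # The original name is everything before the appended extension.
                encrypted.append((path, name[: -len(ENCRYPTED_SUFFIX)]))
                per_dir[Path(dirpath).name] += 1
    return {"encrypted": encrypted, "notes": notes, "per_dir": per_dir}


def build_sample_tree(root):
    """Constructed sample data: empty files laid out like an affected profile."""
    for rel in ("Pictures/golden-sand.jpeg.decrypme",
                "Documents/report.docx.decrypme",
                "Documents/notes.txt",
                "Desktop/HOW_TO_OPEN_FILES.html"):
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.touch()


def demo():
    """Run the triage over the constructed tree and summarise the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        result = triage(root)
        originals = sorted(orig for _path, orig in result["encrypted"])
        return originals, len(result["notes"]), dict(result["per_dir"])


if __name__ == "__main__":
    print(demo())
```

The per-directory counts show which folders were hit, and the recovered original names give a list to check against backups.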
