
0day0 Ransomware

By GoldSparrow in Ransomware

The Dharma Ransomware is another ransomware family that has been very active since its release, and it has numerous family members. The newest member is called 0day0 Ransomware, and it was uncovered by a researcher who calls himself dnwls0719. Like every member of the disreputable Dharma Ransomware family, the objective of the 0day0 Ransomware is to encrypt as many files as it can on a targeted computer so that its owner cannot carry out any task on the infected machine. The 0day0 Ransomware then proposes that its victims pay a ransom in exchange for a piece of software containing the decryption key, which, according to the attackers, is the only way to recover the corrupted data and, consequently, the use of their machines.

First, it is not the only way to recover the encrypted files; if the users have a backup of their data, they can use it to get their files back to normal. Second, they can try the various decryption tools available online for free. However, if they do not have backups or the decryption tools do not work, they have a real problem.

Propagation and Encryption

A computer may be infected by the 0day0 Ransomware when its owner clicks on corrupted advertisements, opens a compromised email attachment or browses torrent websites. Once inside the computer, the 0day0 Ransomware selects the files it wants to compromise, encrypts them, and appends the ".0day0" file extension and a unique victim ID to their names. When the 0day0 Ransomware is done encrypting the files, it shows its ransom demands in a text file named "FILES ENCRYPTED.txt," which contains the following message:

'YOUR FILES ARE ENCRYPTED
Don't worry,you can return all your files!
If you want to restore them, follow this link:email day_0@aol.com YOUR ID 1E857D00
If you have not been answered via the link within 12 hours, write to us by e-mail:day_00@aol.com
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

There is no mention of the ransom amount, although it will certainly not be cheap. Since two email addresses are provided for contact, the victims are expected to be told how much they need to pay for the decryption key once they contact the criminals behind the 0day0 Ransomware.
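As an added example that is not part of the original write-up, the following Python triage helper checks a file listing for the two artifacts described above, the ".0day0" extension on encrypted files and the "FILES ENCRYPTED.txt" note, and pulls the victim ID and contact addresses out of the note text. The Dharma-style "<original>.id-<ID>.[<email>].0day0" naming it parses is an assumption, as are the sample paths; the note lines are the ones quoted above.

```python
import re

# Indicators from the write-up: ".0day0" on encrypted files, note "FILES ENCRYPTED.txt".
ENCRYPTED_EXT = ".0day0"
NOTE_NAME = "FILES ENCRYPTED.txt"
# ASSUMPTION: Dharma-style layout "<original>.id-<VICTIMID>.[<email>].0day0"; a bare
# ".0day0" suffix is also accepted, as the write-up only says an extension and ID are added.
_DHARMA_NAME = re.compile(r"^(?P<orig>.+?)\.id-(?P<vid>[0-9A-Fa-f]+)\.\[(?P<email>[^\]]+)\]\.0day0$")
_NOTE_EMAIL = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")
_NOTE_ID = re.compile(r"YOUR ID\s+([0-9A-Fa-f]+)")

def classify_path(path):
    """Indicator record if the path looks like a 0day0 artifact, else None."""
    name = re.split(r"[\\/]", path)[-1]  # last component, Windows or POSIX
    if name == NOTE_NAME:
        return {"path": path, "kind": "ransom_note"}
    if not name.endswith(ENCRYPTED_EXT):
        return None
    m = _DHARMA_NAME.match(name)
    if m:
        return {"path": path, "kind": "encrypted", "original": m["orig"],
                "victim_id": m["vid"].upper(), "email": m["email"]}
    return {"path": path, "kind": "encrypted", "original": name[:-len(ENCRYPTED_EXT)],
            "victim_id": None, "email": None}

def triage_listing(paths):
    """Classify every path; return the hits plus a summary for the incident ticket."""
    hits = [r for r in map(classify_path, paths) if r]
    return hits, {
        "encrypted_files": sum(h["kind"] == "encrypted" for h in hits),
        "ransom_notes": sum(h["kind"] == "ransom_note" for h in hits),
        "victim_ids": sorted({h["victim_id"] for h in hits if h.get("victim_id")}),
        "emails": sorted({h["email"] for h in hits if h.get("email")}),
    }

def parse_ransom_note(text):
    """Extract contact e-mails and the victim ID from a FILES ENCRYPTED.txt body."""
    m = _NOTE_ID.search(text)
    return {"emails": sorted(set(_NOTE_EMAIL.findall(text))),
            "victim_id": m.group(1) if m else None}

# Constructed sample listing; the note lines repeat the ones quoted in the write-up.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\budget.xlsx.id-1E857D00.[day_0@aol.com].0day0",
    r"C:\Users\alice\Pictures\holiday.jpg.0day0",
    r"C:\Users\alice\Desktop\FILES ENCRYPTED.txt",
    r"C:\Users\alice\Documents\notes.txt",
]
SAMPLE_NOTE = ("follow this link:email day_0@aol.com YOUR ID 1E857D00\n"
               "write to us by e-mail:day_00@aol.com\n")
```

Feeding a real directory listing into triage_listing gives the victim ID and contact addresses to record in the incident ticket without ever contacting them.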

It is almost ironic that the note warns you about scams, given that you are more likely to be scammed by the original attackers. Experts caution against paying the ransom for this very reason. There have been many cases where ransomware victims did not get the tools they were promised, meaning they lost their money as well as their data. Even if the threat actors are sincere, it is still better not to pay the ransom: the more people who give in to them, the more they will keep attacking others. Please don't encourage them by giving in.

0day0 Distribution and Prevention

Illegal downloads, malicious email attachments, and compromised websites are the most common distribution vectors for ransomware. These attack patterns haven’t changed much, mostly because they are still effective.

The best way to avoid an infection from compromised online downloads is to use only secure, well-known websites for downloading programs and updates. Avoid domains that have too many hyphens, digits, or suspicious symbols in the name. Also check that the website connects over HTTPS with a valid SSL certificate rather than plain HTTP. We also recommend scanning downloaded files with an antivirus program before running them. Malicious files have to be opened or executed to damage your computer; merely downloading a file is not enough to do damage.

Last but not least, we recommend that you avoid downloading illegal programs like cracks and keygens. These programs are known to be a popular distribution method for malware. Another thing to keep in mind about malicious websites is that most browsers will warn you about them. If your browser tells you that the website is malicious or deceptive, then you should avoid accessing it. Close any website that instantly redirects you to another site after accessing it.

Criminals use attention-grabbing subject lines such as "IMPORTANT!" and "REPLY IMMEDIATELY!" to trick victims. These messages commonly contain many spelling mistakes because they are so poorly written. The emails often carry a link or an attachment that readers are urged to download. Downloading and opening the attachment installs the malware. Check emails for such obvious errors before interacting with them.

Dealing with a 0day0 Ransomware Infection

No matter how badly the 0day0 Ransomware attack has affected your work, contacting the criminals or paying the ransom fee is not recommended at all. These people are not concerned with your problems; all they want is easy money. Victims who comply with their demands and pay may get nothing in return, leaving their files unusable and their money gone for good.

The right way to deal with a ransomware infection is to remove it from the infected computer using an updated and capable anti-malware program. Do not forget to keep the encrypted files, because there is always the possibility that a free decryptor will be released in the future.
