Dablio Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 2 |
| First Seen: | December 6, 2018 |
| Last Seen: | April 10, 2019 |
| OS(es) Affected: | Windows |
The Dablio Ransomware is an encryption ransomware Trojan. Threats like the Dablio Ransomware carry out a simple attack that involves taking the victim's files hostage and then requesting a ransom payment from the victim. Despite how simple this attack sounds, it is quite effective. This is because the Dablio Ransomware takes the victim's files hostage by using a strong encryption algorithm to make the victim's files completely inaccessible. Once the victim's files have become inaccessible, the Dablio Ransomware asks the victim to pay a large ransom using an anonymous payment method, such as a digital currency. It is mandatory to take precautions against threats like the Dablio Ransomware, which have become quite common in the wild.
Table of Contents
Symptoms of a Dablio Ransomware Infection
The Dablio Ransomware receives its name because it runs as an executable file process named 'Dablio.exe' on the victim's computer. The Dablio Ransomware's main intended targets are home computer users, which sets it apart from ransomware Trojans designed to target Web servers and business networks primarily. The Dablio Ransomware infections were first reported on December 5, 2018. The Dablio Ransomware's attack encrypts the files using a method that makes them easy to recognize because the Dablio Ransomware adds the string '(encrypted)' to each file that has been compromised by the Dablio Ransomware attack. To make the victim's files inaccessible, the Dablio Ransomware uses the AES encryption. This encryption type is, unfortunately, unbreakable with the current technology. The Dablio Ransomware is written using the Python programming language, and it seems to target the user-generated files in its attack. Some examples of the files that the Dablio Ransomware targets in these attacks include files with the following file extensions: '.txt,' '.doc,' '.docx,' '.xls,' '.xlsx,' '.ppt,' '.pptx,' '.odt,' '.jpg,' '.png,' '.csv,' '.sql,' '.mdb,' '.sln,' '.php,' '.asp,' '.aspx,' '.html,' '.xml' and '.psd.'
The Dablio Ransomware’s Ransom Demands
The main purpose of the Dablio Ransomwar is to make it completely impossible to restore the files compromised by the Dablio Ransomware attack. Because of this, the Dablio Ransomware is also designed to remove other features of the Windows operating system that could be used to recover the data compromised by the Dablio Ransomware infection. For example, the Dablio Ransomware is designed to delete the Shadow Volume Copies of any compromised data. The Dablio Ransomware also will remove any System Restore points on the infected computer. Once the victim's files have been encrypted, the Dablio Ransomware delivers a ransom note. The Dablio Ransomware's ransom note takes the form of a program window, where the Dablio Ransomware ransom note text is displayed over a black background. The following is the full text of the Dablio Ransomware ransom note:
'#DABLIO
Good Morning. Good afternoon. Good evening.
I'm sorry to inform you that your computer was ENCRYPTED.
ALL YOUR FILES WERE COMMITTED.
PAY TO HAVE YOUR FILES IN NORMAL CONDITION. DO NOT WORRY!
EVERYTHING WILL BE BACK. ACCESS THE WEBSITE WWW.LOCALBITCOIN.COM
AND MAKE THE PURCHASE OF THE BITCOIN AND TRANSFER OF
THE BITCOIN TO MY WALLET. AFTER WE SEND UNLOCK CODE OF YOUR FILES.
THANKS;
Email: dablio@tuta.io
Cry Now. Laugh Later.
Enter Key for Unlocked your Computer and Files!
[TEXT BOX]
[Check!|BUTTON]
Dealing with the Dablio Ransomware Trojan
The experts' advice is that computer users refrain from contacting the criminals responsible for the Dablio Ransomware attack. Instead of doing this, computer users should make sure that they have the means to recover any data that was compromised by this infection. Therefore, the most effective protection against threats like the Dablio Ransomware is to have backup copies of all data. The backup files should be stored on the cloud or an external memory device, out of reach from threats like the Dablio Ransomware. This way, computer users can restore their data in the event of an attack. Apart from data backups, computer users should invest in a security application to protect their PCs from these threats.
SpyHunter Detects & Remove Dablio Ransomware
File System Details
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | file.exe | cd4b864a78da9fd674f099ec1703dbb9 | 0 |
