Damoclis Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 724
First Seen: November 1, 2017
Last Seen: June 14, 2023
OS(es) Affected: Windows

The Damoclis Ransomware is an encryption ransomware Trojan that is part of a group of encryption ransomware Trojans released in late October and early November 2017. Complaints related to the Damoclis Ransomware first started appearing on November 1, 2017, as part of a wave of attacks from related ransomware. It is very likely that the Damoclis Ransomware is part of a RaaS (Ransomware as a Service) tactic that may include several encryption ransomware variants. The Damoclis Ransomware, like many other encryption ransomware Trojans, is probably being delivered to victims through spam email messages that include corrupted file attachments with macro scripts that download and install the Damoclis Ransomware on the victim's computer.

The Damoclis Ransomware Attack and Its Consequences

The Damoclis Ransomware is designed to encrypt the victim's files using a strong encryption algorithm. These infections are designed to encrypt user-generated files, such as photos, documents, configuration files, databases, etc., while avoiding the Windows system files. This is because the Damoclis Ransomware and similar threats need Windows to remain functional so that they can demand a ransom payment from the victim. Examples of the file types that are targeted in a Damoclis Ransomware infection include:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

The Damoclis Ransomware marks the files encrypted by its attack by adding the file extension '.damoclis' to the end of each affected file's name. Once the Damoclis Ransomware has finished encrypting the files, they will no longer be readable by the victim's software or recognized by Windows Explorer. The Damoclis Ransomware communicates with its Command and Control server to receive configuration information, relay information about the infected computer, and prevent the victim and PC security researchers from having access to the decryption key, since it is impossible to restore the affected files without it. The Damoclis Ransomware effectively takes the victim's files hostage, making them inaccessible, and then demands a ransom payment from the victim in exchange for the tool necessary to restore the affected files. Unfortunately, once the Damoclis Ransomware encrypts a file, it can no longer be accessed without the decryption key (which the crooks hold in their possession).

How the Damoclis Ransomware Demands a Ransom from the Victim

The Damoclis Ransomware drops a ransom note on the infected PC's desktop once the victim's files are encrypted. This ransom note, named 'HOWTODECRYPTFILES.html,' contains a message demanding the payment of a ransom in Bitcoin. The ransoms demanded by threats like the Damoclis Ransomware range from several hundred US dollars to thousands of US dollars, paid through an anonymous online payment method like Bitcoin. However, it is not common practice for the con artists behind a ransomware tactic to deliver the means to decrypt the victims' files, so paying the ransom or communicating with these people in any way may be a waste of time and money.
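
The following is an added example, not part of the original entry: a read-only Python sweep that uses the two indicators described above, the '.damoclis' suffix and the 'HOWTODECRYPTFILES.html' note, to list affected files by original type so that a restore from backup can be scoped. The function names and the sample directory tree are constructed for illustration, and matching names case-insensitively is an assumption.

```python
import os
import tempfile
from collections import Counter

MARKER_EXT = ".damoclis"               # extension the entry says is appended
NOTE_NAME = "howtodecryptfiles.html"   # ransom note name from the entry, lowercased

def triage(root):
    """Walk root and summarise Damoclis indicators for restore scoping."""
    report = {"encrypted": [], "notes": [], "by_original_ext": Counter(),
              "unreadable_dirs": []}

    def on_error(err):
        # Record directories that could not be listed instead of aborting.
        report["unreadable_dirs"].append(err.filename)

    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            lower = name.lower()   # assumption: match names case-insensitively
            full = os.path.join(dirpath, name)
            if lower == NOTE_NAME:
                report["notes"].append(full)
            elif lower.endswith(MARKER_EXT) and len(lower) > len(MARKER_EXT):
                original = name[:-len(MARKER_EXT)]   # e.g. budget.xlsx
                ext = os.path.splitext(original)[1].lower() or "(none)"
                report["encrypted"].append(full)
                report["by_original_ext"][ext] += 1
    return report

def demo():
    """Build a constructed sample tree and return its triage report."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        desk = os.path.join(root, "Desktop")
        os.makedirs(docs)
        os.makedirs(desk)
        for path in (os.path.join(docs, "budget.xlsx.damoclis"),
                     os.path.join(docs, "notes.TXT.DAMOCLIS"),
                     os.path.join(docs, "untouched.pdf"),
                     os.path.join(desk, "HOWTODECRYPTFILES.html")):
            open(path, "w").close()
        r = triage(root)
        # Make paths relative so the result outlives the temporary directory.
        r["encrypted"] = sorted(os.path.relpath(p, root) for p in r["encrypted"])
        r["notes"] = [os.path.relpath(p, root) for p in r["notes"]]
        return r

if __name__ == "__main__":
    result = demo()
    print(len(result["encrypted"]), "encrypted;", dict(result["by_original_ext"]))
```

The per-extension counts show which data types need restoring from backup, and the note locations show which user profiles the attack reached.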

Preventing a Damoclis Ransomware Attack

To protect your machine against ransomware Trojans like the Damoclis Ransomware, you need to have file backups in safe places. Having copies of your files means that you can recover from a Damoclis Ransomware attack by restoring the affected files from the backup copy rather than having to deal with the people responsible for the attack. Apart from file backups, an updated security product is fundamental to keeping your data safe. It is also practical to learn to handle spam email messages safely.
