
DarkCrypt Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3
First Seen: March 10, 2021
Last Seen: April 8, 2021
OS(es) Affected: Windows

Many cyber crooks borrow the code of existing ransomware threats, alter it slightly, and distribute it to collect ransom fees. Some ransomware authors, however, choose to mimic well-established, infamous data-locking Trojans because a recognizable name is likely to strike fear into their victims. This is the case with the DarkCrypt Ransomware. At first glance, the DarkCrypt Ransomware appears to be a copy of the notorious WannaCry Ransomware. It is not: the DarkCrypt Ransomware is only an imitation of the highly potent and threatening WannaCry Ransomware. Luckily, the DarkCrypt Ransomware is not nearly as destructive as the threat it imitates.

Propagation and Encryption

The propagation method used to distribute the DarkCrypt Ransomware has not been confirmed. It is likely that the cyber crooks behind it are using torrent trackers, bogus pirated copies of popular applications or media, mass spam email campaigns, or fraudulent software downloads and updates. When this file-encrypting Trojan compromises a host, it scans the contents of the system and locates the files of interest. Next, the DarkCrypt Ransomware triggers its encryption process and locks all the targeted files. It appends a new extension to the name of every locked file: '[Filemgr@tutanota.com][].WannaScream'. As a result, a file named 'Persian-Cat.mp4' is renamed to 'Persian-Cat.mp4[Filemgr@tutanota.com][].WannaScream'.

The Ransom Note

To inform victims about what has happened to their data, the attackers have the DarkCrypt Ransomware drop a ransom note on the user's desktop. The ransom message is stored in a file called 'README.txt'. In the note, the authors of the ransomware make it clear that they want to be paid a ransom in Bitcoin and, in exchange, they promise to provide a decryption key that is supposed to help victims recover their data. They have provided a wallet address, as well as an email address where users can get in touch with them: 'filemgr@tutanota.com'.
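The two artifacts described above, the appended extension and the 'README.txt' note on the desktop, can be used to gauge how much of a disk was affected. The following triage script is an added example, not part of the original write-up; it assumes the second bracket pair in the extension may hold a value the page does not show, and the directory tree it scans is constructed sample data.

```python
import re
import tempfile
from pathlib import Path

# Suffix as printed on the page: [Filemgr@tutanota.com][].WannaScream
# Assumption: the second bracket pair may hold a value the page does not show,
# so any content (or none) is accepted there. Matching ignores case because
# the page spells the address both 'Filemgr' and 'filemgr'.
SUFFIX_RE = re.compile(
    r"^(?P<original>.+?)\[filemgr@tutanota\.com\]\[[^\]]*\]\.WannaScream$",
    re.IGNORECASE,
)


def triage(root):
    """Return (renamed, notes): files carrying the suffix, with the name they
    had before, and README.txt files that sit directly in a Desktop folder."""
    renamed, notes = [], []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        match = SUFFIX_RE.match(path.name)
        if match:
            renamed.append((path, match.group("original")))
        elif path.name.lower() == "readme.txt" and path.parent.name.lower() == "desktop":
            notes.append(path)
    return renamed, notes


def build_sample_tree(root):
    """Constructed sample: empty files that only imitate the naming on the page."""
    desktop = Path(root) / "Users" / "alice" / "Desktop"
    videos = Path(root) / "Users" / "alice" / "Videos"
    desktop.mkdir(parents=True)
    videos.mkdir(parents=True)
    (videos / "Persian-Cat.mp4[Filemgr@tutanota.com][].WannaScream").touch()
    (videos / "holiday.mp4").touch()  # untouched file, must not be reported
    (desktop / "README.txt").touch()
    (videos / "README.txt").touch()  # not on a desktop, must not be reported
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        renamed, notes = triage(build_sample_tree(tmp))
        for path, original in renamed:
            print(f"renamed: {path} (was {original})")
        for note in notes:
            print(f"note: {note}")
```

A 'README.txt' on a desktop is a common file name and a weak signal by itself; treat it as meaningful only alongside files that carry the suffix.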

It is always best to stay away from cyber crooks and ignore their unreasonable demands. There is no valid reason to pay the ransom fee because there is no guarantee you will receive the decryption tool the attackers have promised. Many victims of ransomware who pay up are left high and dry when the cybercriminals do not deliver on their promises. This is why you should have a reputable anti-virus software suite that will remove the DarkCrypt Ransomware from your PC safely.
