
DarkKomet Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 6,360
First Seen: June 28, 2017
Last Seen: September 1, 2020
OS(es) Affected: Windows

The DarkKomet Ransomware is an encryption ransomware Trojan that was first released in the last weeks of June 2017. However, the DarkKomet Ransomware is based on a much older ransomware engine: it is one of the many variants of the HiddenTear family of ransomware, which has been around since August of 2015, when it was released for 'educational purposes.' The DarkKomet Ransomware's name seems to reference the infamous DarkComet Trojan, a remote access tool used by con artists to take over a computer from a remote location, and it seems that the two may be bundled together in the DarkKomet Ransomware attacks. The most common way in which threats like the DarkKomet Ransomware are distributed is through corrupted email attachments, which may take the form of Microsoft Word files with macros or scripts that download or install the DarkKomet Ransomware onto the victim's computer. The DarkKomet Ransomware also may be distributed as a fake software update, such as a bogus update to Adobe Flash Player or associated software.

The DarkKomet Ransomware Distribution Method

The DarkKomet Ransomware may be associated with other attacks. For example, there is a possibility that the DarkKomet Ransomware collects private information about the victim's computer for use in doxxing and other types of harassment and tactics. It is clear that the DarkKomet Ransomware represents a real threat to computer users and their data, and it is important to take steps to protect your machine from this and other threats. During its attack, the DarkKomet Ransomware has been observed to hide by disguising its files and content as popular PC games. The DarkKomet Ransomware also may be disguised as a bogus 'Remote Service Application' program, appearing in the infected computer's Task Manager under names such as 'MSRSAAP.EXE' or '300360749.exe.' The DarkKomet Ransomware may currently be distributed on Torrent networks, disguised as a copy of a game from the Battlefield PC franchise. This is why computer users are especially advised not to download pirated software and to avoid these file sharing networks.

How the DarkKomet Ransomware Carries out Its Attack

The DarkKomet Ransomware is based on HiddenTear, a well-known open source ransomware engine. The DarkKomet Ransomware and other HiddenTear variants use AES-256 encryption to make the victim's files inaccessible. The files encrypted by the DarkKomet Ransomware become unusable and can no longer be opened by the victim. The DarkKomet Ransomware targets user-generated files, which may include video, photos, audio, and a wide variety of document formats. The DarkKomet Ransomware marks the files encrypted by the attack with the file extension 'locked.' The DarkKomet Ransomware also changes the infected computer's desktop background image to a black screen with red text that reads 'Ooops! Your files have been encrypted!!!' The DarkKomet Ransomware delivers its ransom note in a text file named 'READ_ME.txt,' which is dropped on the infected computer's Desktop. The con artists ask the victim to contact them at the email address 'alihacker8001@gmail.com.' The use of a public email address is curious and may indicate a lack of resources, since such addresses are usually avoided by the con artists carrying out these attacks because they can be blocked and monitored by PC security researchers.
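The two sections above list host-based indicators a defender can check for: the 'MSRSAAP.EXE' and '300360749.exe' process names that appear in Task Manager, and the artifacts left by the encryption routine (files carrying the 'locked' extension, the 'READ_ME.txt' note on the Desktop, and the 'alihacker8001@gmail.com' contact address). The following triage script is an added example written for this page; it is not code from the article or from the HiddenTear project. It assumes the extension is appended as a '.locked' suffix, reads process names from the CSV layout that the Windows `tasklist /fo csv` command prints, and builds a constructed sample directory so it can run offline on any operating system.

```python
"""Offline triage helper for the DarkKomet/HiddenTear indicators above.

Added example, not the article's or the project's code. Constructed sample
data is used throughout so the script runs without an infected host.
"""
import csv
import io
import os
import tempfile
from collections import Counter
from typing import Dict, List

# Indicators quoted in the article; process names are compared case-insensitively.
SUSPICIOUS_PROCESSES = {"msrsaap.exe", "300360749.exe"}
RANSOM_NOTE_NAME = "READ_ME.txt"
RANSOM_CONTACT = "alihacker8001@gmail.com"
ENCRYPTED_EXT = ".locked"  # assumption: 'locked' is appended as a suffix

# Constructed sample in the shape of `tasklist /fo csv` output (header + rows).
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"explorer.exe","1234","Console","1","45,312 K"
"MSRSAAP.EXE","5120","Console","1","12,004 K"
"chrome.exe","2211","Console","1","210,776 K"
"300360749.exe","5188","Console","1","8,920 K"
'''


def find_suspicious_processes(tasklist_csv: str) -> List[Dict[str, str]]:
    """Return the tasklist rows whose image name matches a known indicator."""
    hits = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        name = (row.get("Image Name") or "").strip().lower()
        if name in SUSPICIOUS_PROCESSES:
            hits.append({"name": row["Image Name"], "pid": row["PID"]})
    return hits


def scan_tree(root: str) -> Dict[str, object]:
    """Walk `root`, count '.locked' files per directory and locate ransom notes."""
    locked_by_dir: Counter = Counter()
    notes: List[str] = []
    contact_seen = False
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            if fname.lower().endswith(ENCRYPTED_EXT):
                locked_by_dir[dirpath] += 1
            elif fname == RANSOM_NOTE_NAME:
                notes.append(path)
                try:
                    with open(path, "r", encoding="utf-8", errors="replace") as fh:
                        if RANSOM_CONTACT in fh.read():
                            contact_seen = True
                except OSError:
                    pass  # unreadable note: still record its presence
    return {
        "locked_total": sum(locked_by_dir.values()),
        "locked_dirs": dict(locked_by_dir),
        "ransom_notes": notes,
        "contact_seen": contact_seen,
    }


def assess(process_hits: List[Dict[str, str]], tree_report: Dict[str, object]) -> str:
    """Combine both indicator sets into a simple verdict string."""
    if tree_report["locked_total"] and tree_report["ransom_notes"]:
        return "encryption-artifacts-present"
    if process_hits:
        return "suspicious-process-only"
    return "clean"


def build_sample_tree(infected: bool = True) -> str:
    """Create a constructed directory that mimics a user profile after the attack."""
    root = tempfile.mkdtemp(prefix="darkkomet_demo_")
    desktop = os.path.join(root, "Desktop")
    docs = os.path.join(root, "Documents")
    os.makedirs(desktop)
    os.makedirs(docs)
    if infected:
        for name in ("budget.xlsx" + ENCRYPTED_EXT, "holiday.jpg" + ENCRYPTED_EXT):
            open(os.path.join(docs, name), "wb").close()
        with open(os.path.join(desktop, RANSOM_NOTE_NAME), "w", encoding="utf-8") as fh:
            fh.write("Ooops! Your files have been encrypted!!!\nContact: " + RANSOM_CONTACT + "\n")
    return root


if __name__ == "__main__":
    procs = find_suspicious_processes(SAMPLE_TASKLIST)
    report = scan_tree(build_sample_tree())
    print("process hits:", procs)
    print("file-system report:", report)
    print("verdict:", assess(procs, report))
```

On a real Windows host, pipe the output of `tasklist /fo csv` into `find_suspicious_processes` and point `scan_tree` at the user profile directories; the per-directory counts in `locked_dirs` help show how far the encryption progressed before it was stopped. The process-name check is deliberately kept separate from the file-system check, since a renamed binary defeats the former while the '.locked' files and note remain visible.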

Dealing with a DarkKomet Ransomware Infection

Unfortunately, the files encrypted by the DarkKomet Ransomware will not be recoverable. Because of this, the best protection against the DarkKomet Ransomware and other variants of HiddenTear is to keep backup copies. If computer users have backup copies of their files on an external memory device or in the cloud, then they can recover from the attack easily without needing to pay a ransom or negotiate with the attackers. In fact, backups are the most effective protection against all ransomware Trojans and, in combination with a reliable security program, should be enough protection against this and other similar threats.
