DarkKomet Ransomware
Threat Scorecard
Threat Level: 80% (High)
Infected Computers: 6,360
First Seen: June 28, 2017
Last Seen: September 1, 2020
OS(es) Affected: Windows
The DarkKomet Ransomware is an encryption ransomware Trojan that was first observed in the last weeks of June 2017. Despite its recent appearance, it is built on a much older codebase: it is one of the many variants of the HiddenTear family, an open source ransomware project released in August 2015 'for educational purposes' and reused by criminals ever since. The name 'DarkKomet' appears to reference the infamous DarkComet Trojan, a remote access tool used by con artists to take over a computer from a remote location, and the two may be bundled together in DarkKomet Ransomware attacks. Threats like the DarkKomet Ransomware are most commonly distributed through corrupted email attachments, typically Microsoft Word documents carrying macros or scripts that download and install the ransomware on the victim's computer. The DarkKomet Ransomware also may be distributed as a fake software update, such as a bogus update to Adobe Flash Player or associated software.
The DarkKomet Ransomware Distribution Method
The DarkKomet Ransomware may be associated with other attacks. For example, it is possible that the DarkKomet Ransomware collects private information from the victim's computer for use in doxxing and other forms of harassment. It clearly represents a real threat to computer users and their data, and it is important to take steps to protect your machine from this and similar threats. During its attack, the DarkKomet Ransomware has been observed hiding its files and content by disguising them as popular PC games. It also may pose as a bogus 'Remote Service Application,' appearing in the infected computer's Task Manager under names such as 'MSRSAAP.EXE' or '300360749.exe.' The DarkKomet Ransomware currently may be distributed on torrent networks disguised as a copy of a game from the Battlefield franchise, which is one more reason computer users are advised not to download pirated software and to avoid these file sharing networks.
How the DarkKomet Ransomware Carries out Its Attack
The DarkKomet Ransomware is based on HiddenTear, a well-known open source ransomware engine. Like other HiddenTear variants, the DarkKomet Ransomware uses AES-256 encryption to make the victim's files inaccessible; once encrypted, the files can no longer be opened by the victim. The DarkKomet Ransomware targets user-generated files, which may include video, photos, audio, and a wide variety of document formats, and marks each encrypted file with the file extension '.locked.' It also changes the infected computer's desktop background to a black screen with red text that reads 'Ooops! Your files have been encrypted!!!' The ransom note is delivered in a text file named 'READ_ME.txt,' which is dropped on the infected computer's Desktop and asks the victim to contact the con artists at the email address 'alihacker8001@gmail.com.' The use of a public webmail address is curious and may indicate a lack of resources: con artists carrying out these attacks usually avoid such addresses because they can be blocked and monitored by PC security researchers.
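The indicators listed in the two sections above (the '.locked' extension, the READ_ME.txt note, the contact address, and the 'MSRSAAP.EXE' / '300360749.exe' process names) are enough to write a small triage check. The script below is an added example, not code from the original page or from any EnigmaSoft product: it builds a constructed directory tree containing a pseudo-encrypted file, a renamed-but-unencrypted file, a clean file and a ransom note, then walks it and separates real AES-style ciphertext (high byte entropy) from files that merely carry the extension. The entropy threshold, the note text beyond the quoted wallpaper string, and the sample file names are assumptions.

```python
"""Triage helper for the HiddenTear-style indicators described above.

Added example. The extension, note file name, wallpaper text, contact
address and process names come from the page; everything else
(entropy threshold, sample files, note body) is an assumption.
"""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".locked"
RANSOM_NOTE_NAME = "READ_ME.txt"
NOTE_MARKER = "Ooops! Your files have been encrypted"   # wallpaper text on the page
CONTACT_EMAIL = "alihacker8001@gmail.com"               # address quoted on the page
SUSPECT_PROCESSES = {"msrsaap.exe", "300360749.exe"}    # Task Manager names on the page
ENTROPY_THRESHOLD = 7.0  # bits per byte; assumption. AES ciphertext sits near 8.0.


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_tree(root) -> dict:
    """Classify files under root.

    encrypted    : '.locked' files whose content looks like ciphertext
    suspicious   : '.locked' files with low entropy (renamed, not encrypted)
    ransom_notes : READ_ME.txt files containing the known marker or address
    """
    root = Path(root)
    findings = {"encrypted": [], "suspicious": [], "ransom_notes": []}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = str(path.relative_to(root))
        if path.name == RANSOM_NOTE_NAME:
            text = path.read_text(errors="replace")
            if NOTE_MARKER in text or CONTACT_EMAIL in text:
                findings["ransom_notes"].append(rel)
            continue
        if path.suffix.lower() == ENCRYPTED_SUFFIX:
            # Sample the first 4 KiB; enough to distinguish ciphertext from plaintext.
            sample = path.read_bytes()[:4096]
            bucket = "encrypted" if shannon_entropy(sample) >= ENTROPY_THRESHOLD else "suspicious"
            findings[bucket].append(rel)
    return findings


def flag_processes(process_names) -> list:
    """Return the names from a process listing that match the page's indicators."""
    return sorted(n for n in process_names if n.lower() in SUSPECT_PROCESSES)


def build_sample_tree() -> str:
    """Constructed sample data: a throwaway tree that mimics a hit. Not real artifacts."""
    root = tempfile.mkdtemp(prefix="darkkomet_demo_")
    docs = Path(root, "Documents")
    docs.mkdir()
    # os.urandom stands in for AES-256 output: uniform bytes, entropy close to 8.
    Path(docs, "thesis.docx.locked").write_bytes(os.urandom(4096))
    # A file that was only renamed (constructed): low entropy, must not count as encrypted.
    Path(docs, "notes.txt.locked").write_bytes(b"A" * 4096)
    # An untouched file with no matching extension.
    Path(docs, "budget.xlsx").write_bytes(b"PK\x03\x04" + b"\x00" * 100)
    Path(root, "Desktop").mkdir()
    Path(root, "Desktop", RANSOM_NOTE_NAME).write_text(
        "Ooops! Your files have been encrypted!!!\n"
        f"Contact {CONTACT_EMAIL} to get your files back.\n")   # assumed note body
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for bucket, paths in scan_tree(sample_root).items():
        print(f"{bucket}: {paths}")
    # Constructed process listing; on a live host feed it the output of tasklist.
    print("processes:", flag_processes(["explorer.exe", "MSRSAAP.EXE", "300360749.exe"]))
```

On a live Windows host you would point scan_tree at the user profile and feed flag_processes the names from a tasklist dump; the entropy check is what keeps a mass rename or a test file from being reported as an encryption event, which matters when deciding whether a backup restore is actually needed.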
Dealing with a DarkKomet Ransomware Infection
Without the attackers' key, the files encrypted by the DarkKomet Ransomware cannot be recovered by attacking the encryption itself; before considering any payment, affected users should check whether a free decryption tool has been released for this HiddenTear variant. Because recovery cannot be relied on, the best protection against the DarkKomet Ransomware and other HiddenTear variants is to keep backup copies. Computer users who have backups of their files on an external storage device or in the cloud, kept disconnected or otherwise out of reach of the infected machine, can recover from the attack easily without paying a ransom or negotiating with the attackers. Backups are the most effective protection against all ransomware Trojans and, combined with a reliable security program, should be enough to protect against this and similar threats.