Dasha Ransomware
The DASHA Ransomware threat carries a strong encryption algorithm. As a result, systems infected with the threat will be subjected to data encryption, which will leave most of the files stored on them in an inaccessible state. Victims will no longer be able to open or use any of the impacted documents, PDFs, archives, photos, databases, etc. Typically, the operators of ransomware threats will then extort their victims for money. Analysis of DASHA has revealed that the threat is part of the Eternity malware family.
While the DASHA Ransomware is encrypting the targeted file types, it also modifies their original names. Each locked file will be marked via the addition of '.ecrp' as a new file extension. When all suitable files have been processed, the malware will drop two ransom notes with instructions for its victims. One will be displayed in a pop-up window, while the other will be set as the new desktop background image of the device.
Both messages are extremely brief and lack many important details. Essentially, the attackers tell their victims that restoration of the data without their assistance is impossible and that victims will have to pay a ransom. Two communication channels can supposedly be used to contact the hackers - an email address at 'dashasupport@proton.me' and the 'dashasupport' Telegram account.
The full text of the note shown in the pop-up window is:
'All of your files have been ENCRYPTED with DASHA RANSOMWARE
Your computer was infected with a ransomware. Your files have been encrypted and you won't
be able to decrypt them without our help.
What can I do to get my files back?
Contact us
Email: dashasupport@proton.me
Telegram: hxxps://t.me/dashasupport'
DASHA Ransomware's desktop image has the following message:
'YOUR COMPUTER HAS BEEN ENCRYPTED WITH DASHA RANSOMWARE
CONTACT OUR TEAM
Email: dashasupport@proton.me
Telegram: @dashasupport'
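
The '.ecrp' extension described above gives responders a simple way to scope an incident. The following is an added example, not part of the original write-up: it walks a directory tree, counts marked files per folder and per original file type, and uses modification times to bracket when encryption ran. The function names and the sample tree are constructed for illustration, and the code assumes the marker is appended to the unchanged original file name.

```python
import os
import tempfile
from collections import Counter

MARKER = ".ecrp"  # extension the page says DASHA appends to locked files


def triage(root):
    """Summarise files under root whose names end in the marker extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # unreadable or vanished: skip rather than abort triage
            # Assumption: the marker is appended, so stripping it gives the old name.
            original = name[: -len(MARKER)]
            ext = os.path.splitext(original)[1].lower() or "(none)"
            hits.append((mtime, os.path.relpath(dirpath, root), ext))
    hits.sort()
    return {
        "count": len(hits),
        "by_dir": Counter(d for _, d, _ in hits),
        "by_original_ext": Counter(e for _, _, e in hits),
        # mtimes bracket the encryption run; treat them as an estimate only
        "first_seen": hits[0][0] if hits else None,
        "last_seen": hits[-1][0] if hits else None,
    }


def demo():
    """Run triage() on a constructed sample tree (not real victim data)."""
    samples = {"docs/report.docx.ecrp": 1000, "docs/budget.xlsx.ecrp": 1005,
               "pics/cat.JPG.ECRP": 1010, "pics/untouched.png": 900}
    with tempfile.TemporaryDirectory() as root:
        for rel, ts in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(b"x")
            os.utime(path, (ts, ts))
        return triage(root)


if __name__ == "__main__":
    print(demo())
```

Run it against a mounted copy or forensic image rather than the live system, so the scan itself does not alter timestamps needed later.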