
Davda Ransomware

By GoldSparrow in Ransomware

The newly discovered Davda Ransomware appears to be a file-locking Trojan that belongs to the STOP Ransomware family. An increasing number of cyber crooks take this approach: instead of spending time and effort building a data-encrypting Trojan from the ground up, they modify an existing, well-established threat such as, in this case, the STOP Ransomware.

Malware experts have not been able to confirm the infection vector employed by the authors of the Davda Ransomware. However, it is highly likely that the cybercriminals responsible for the Davda Ransomware are using spam email campaigns and infected pirated materials, alongside bogus software updates, to spread their creation. If a user falls for their trick, the Davda Ransomware begins its attack by scanning the machine it has penetrated. The goal is to locate the files that the Davda Ransomware targets for locking. When this step is completed, the Davda Ransomware starts encrypting the data.

When a file is encrypted, it receives the additional extension '.davda' at the end of its file name. This means that a file originally called 'Persian-cat.jpeg' would have its name altered to 'Persian-cat.jpeg.davda'. When the encryption process is finished, the Davda Ransomware drops its ransom note. The note is named '_readme.txt', which is typical for variants of the STOP Ransomware. The attackers do not hint at what the ransom fee would be, but they insist that the victim contact them via email at their address, stoneland@firemail.cc.
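The two file-system indicators described above, the appended '.davda' extension and the '_readme.txt' note, can be checked on a suspect volume with a short triage script. This is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

LOCKED_EXT = ".davda"      # extension the article says is appended
NOTE_NAME = "_readme.txt"  # ransom note name given in the article


def triage(root):
    """Map each directory under root with a hit to its locked files and note flag."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        locked = []
        for name in sorted(files):
            # Case-insensitive match: Windows file systems ignore case.
            if name.lower().endswith(LOCKED_EXT) and len(name) > len(LOCKED_EXT):
                locked.append((name, name[: -len(LOCKED_EXT)]))  # (locked, original)
        note = any(f.lower() == NOTE_NAME for f in files)
        if locked or note:
            report[dirpath] = {"locked": locked, "note": note}
    return report


def affected_dirs(report):
    """Directories with both locked files and a note: the strongest signal."""
    return sorted(d for d, r in report.items() if r["locked"] and r["note"])


def build_sample_tree(base):
    """Constructed sample data, not taken from a real incident."""
    base = Path(base)
    for sub in ("pics", "docs", "clean"):
        (base / sub).mkdir()
    (base / "pics" / "Persian-cat.jpeg.davda").write_bytes(b"\x00")
    (base / "pics" / "_readme.txt").write_text("constructed placeholder")
    (base / "docs" / "budget.xlsx.DAVDA").write_bytes(b"\x00")
    (base / "clean" / "_readme.txt.bak").write_text("unrelated file")
    (base / "clean" / "notes.txt").write_text("untouched")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        for d in sorted(result):
            print(d, result[d])
        print("high confidence:", affected_dirs(result))
```

The recovered original names give a list of files to restore from backup; a '_readme.txt' on its own is a weak signal, since the name is not unique to this threat.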

We strongly advise you to avoid getting in touch with cyber crooks. Nothing good can come of attempting to negotiate with such individuals. Instead, you should make sure to obtain a legitimate anti-virus tool, which will rid you of the Davda Ransomware.
