DavesSmith Ransomware Description
At the end of October 2019, malware experts spotted yet another ransomware threat targeting users online, dubbed the DaveSmith Ransomware. Data-locking Trojans tend to operate in a very similar manner to one another: they usually infect a host, scan its files, encrypt the targeted data, and then demand a fee for a decryption key. The DaveSmith Ransomware is no different.
Propagation and Encryption
It has not yet been confirmed which propagation method the authors of the DaveSmith Ransomware are using to spread their creation. Ransomware threats are most commonly propagated via mass spam email campaigns. The emails contain a message built around social engineering tricks and a corrupted attachment which, once opened, launches the threat. Another popular infection vector for data-encrypting Trojans is fake application updates.
Regardless of how the DaveSmith Ransomware ends up on a host, it wastes no time and immediately scans the data present on the system. This scan lets the DaveSmith Ransomware locate the files of interest, meaning the data that this file-locking Trojan will target for encryption. Next, the DaveSmith Ransomware begins locking all the marked files. Usually, this consists of all the data located on the computer. When the DaveSmith Ransomware encrypts a file, it also appends a new extension to its filename. The extension that the DaveSmith Ransomware adds to files is ‘.[email@example.com].’ A file originally named ‘full-house.jpeg’ will be renamed to ‘full-house.jpeg.[firstname.lastname@example.org]’ when the encryption process of the DaveSmith Ransomware is completed.
The Ransom Note
In the next step of the attack, the DaveSmith Ransomware will drop a ransom note containing the message of the attackers. The note’s name is ‘RECOVERY FILE.txt,’ and it reads:
If you see this message - this means your files are now encrypted and are in a non-working state!
Now only we can help you recover.
If you are ready to restore the work - send us an email to the address email@example.com
In the letter, specify your personal identifier, which you will see below.
In the reply letter we will inform you the cost of decrypting your files.
Before payment you can send us 1 files for test decryption.
We will decrypt the files you requested and send you back.
This ensures that we own the key to recover your data.
The total file size should be no more than 2 MB,
the files should not contain valuable information (databases, backups, large Excel spreadsheets ...).
Email to contact us - firstname.lastname@example.org
YOUR PERSONAL ID :
In the note, the attackers explain to the users that their files have been locked and that the victim will be unable to recover them unless they cooperate with the authors of the DaveSmith Ransomware. These people demand to be contacted via email at ‘email@example.com’ and claim that if the user gets in touch with them, they will reveal the ransom fee. To prove to the victim that they are capable of decrypting the locked data, the attackers offer to unlock one file, sent by the victim, free of charge. There are rules, however: the file cannot contain any valuable information or be any larger than 2MB. The attackers have also included an ID that is uniquely generated for each victim.
Stay away from the authors of the DaveSmith Ransomware. People with such questionable morals rarely keep their promises, and even if you pay up, it is likely that the authors of this ransomware threat will leave you empty-handed. Instead, you should look into obtaining a genuine anti-virus software suite that will not only aid you in removing the DaveSmith Ransomware from your computer but also make sure you do not end up in such a complicated situation again.
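Before restoring from backup, it helps to know how much of a disk was touched. The script below is an added example, not part of the original write-up or any vendor tool: it walks a directory tree and counts the two artifacts described above, the ‘RECOVERY FILE.txt’ note and files renamed with a ‘.[e-mail address]’ suffix. Because the address is redacted on this page, the pattern accepts any e-mail-shaped value, and the sample tree and its contact address are constructed.

```python
import os
import re
import tempfile
from collections import Counter

NOTE_NAME = "RECOVERY FILE.txt"  # ransom note file name given in the article
# Suffix format from the article: original name + ".[<e-mail address>]".
# The address is redacted on the page, so any e-mail-shaped token is accepted.
SUFFIX_RE = re.compile(r"^(?P<original>.+)\.\[(?P<contact>[^\[\]\s@]+@[^\[\]\s@]+)\]$")


def triage(root):
    """Walk root; return ransom-note paths and (path, original_name, contact) hits."""
    notes, hits = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.casefold() == NOTE_NAME.casefold():
                notes.append(path)
            elif (m := SUFFIX_RE.match(name)):
                hits.append((path, m["original"], m["contact"]))
    return notes, hits


def summarize(root):
    """Condense triage() into figures useful for scoping a restore from backup."""
    notes, hits = triage(root)
    by_ext = Counter(os.path.splitext(orig)[1].lower() or "(none)" for _p, orig, _c in hits)
    return {"notes": len(notes), "renamed": len(hits),
            "contacts": sorted({c for _p, _o, c in hits}),
            "by_original_ext": dict(by_ext)}


def build_sample(root):
    """Constructed test tree: two renamed files, one ransom note, one untouched file."""
    contact = "contact@example.invalid"  # constructed placeholder, not the real address
    os.makedirs(os.path.join(root, "docs"))
    for rel in (f"full-house.jpeg.[{contact}]", f"docs/budget.xlsx.[{contact}]",
                "docs/notes.txt", NOTE_NAME):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("sample")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(summarize(tmp))
```

Run it read-only against a mounted image or a copy of the affected volume rather than the live system, so the evidence is not altered.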