
DBGer Ransomware

By GoldSparrow in Ransomware

The DBGer Ransomware is a ransomware Trojan that also includes a credential-harvesting module. The DBGer Ransomware appears to be a modified version of the Satan Ransomware, a Trojan that was first observed in 2017, and was itself first observed on June 13, 2018, with features not present in earlier versions of that threat. The DBGer Ransomware is distributed mainly by exploiting CVE-2017-0144, a remote code execution vulnerability in the Windows SMBv1 server that Microsoft patched in March 2017 (security bulletin MS17-010). EternalBlue, the publicly leaked exploit for this vulnerability, was released in April 2017 and has been used by criminals to spread malware ever since, most visibly by WannaCry in May 2017. Installing the MS17-010 update, and disabling SMBv1 where it is not needed, closes this infection vector, so make sure your computers have the latest updates and security patches applied.
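One practical check for the infection vector described above, written as an added example for this write-up and not code from the original page or from the malware's authors: the script sends a plain SMB1 NEGOTIATE offering only the 'NT LM 0.12' dialect over TCP/445 and classifies the reply. A host that accepts the dialect still speaks SMBv1, the protocol EternalBlue needs, and must have MS17-010 installed; a host that resets the connection has SMBv1 disabled and is not reachable through this vector. The wire-format constants are standard SMB1; the response used for self-testing is constructed, not captured from a real host.

```python
"""Probe a host for SMBv1 support, the precondition for EternalBlue (CVE-2017-0144).

Sends a minimal SMB1 NEGOTIATE (command 0x72) offering only 'NT LM 0.12' over
TCP/445 and classifies the reply.  Wire-format constants are standard SMB1.
"""
import socket
import struct

NBT_SESSION_MESSAGE = b"\x00"
SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
SMB1_HEADER_LEN = 32


def _smb1_header(flags: int) -> bytes:
    """32-byte SMB1 header: magic, command, status, flags, flags2, PIDHigh,
    SecurityFeatures, Reserved, TID, PIDLow, UID, MID."""
    return SMB1_MAGIC + struct.pack(
        "<BIBHH8sHHHHH",
        SMB_COM_NEGOTIATE, 0, flags,
        0xC853,          # Flags2: Unicode, NT status codes, extended security, long names
        0, b"\x00" * 8, 0,
        0,               # TID: no tree connected yet
        0xFEFF,          # PIDLow: arbitrary client PID
        0,               # UID: not authenticated
        1,               # MID: first message
    )


def _nbt_frame(body: bytes) -> bytes:
    """Wrap an SMB message in a NetBIOS session service header (type 0x00 + 3-byte length)."""
    return NBT_SESSION_MESSAGE + struct.pack(">I", len(body))[1:] + body


def build_smb1_negotiate(dialects=(b"NT LM 0.12",)) -> bytes:
    """NEGOTIATE request: header, WordCount=0, ByteCount, then 0x02-prefixed NUL-terminated dialects."""
    dialect_blob = b"".join(b"\x02" + d + b"\x00" for d in dialects)
    body = _smb1_header(0x18) + b"\x00" + struct.pack("<H", len(dialect_blob)) + dialect_blob
    return _nbt_frame(body)


def classify_negotiate_response(frame: bytes) -> str:
    """Map a raw reply (or an empty read after a reset) to one of:
    'smb1-enabled', 'smb1-rejected', 'smb2', 'no-smb'."""
    smb = frame[4:]                              # strip the NetBIOS header
    if smb.startswith(SMB2_MAGIC):
        return "smb2"                            # only seen if SMB2 dialects were offered
    if (len(smb) < SMB1_HEADER_LEN + 1 or not smb.startswith(SMB1_MAGIC)
            or smb[4] != SMB_COM_NEGOTIATE):
        return "no-smb"                          # reset, timeout, or not SMB1 at all
    word_count = smb[SMB1_HEADER_LEN]
    if word_count == 0 or len(smb) < SMB1_HEADER_LEN + 3:
        return "smb1-rejected"                   # error response carries no parameter words
    dialect_index = struct.unpack_from("<H", smb, SMB1_HEADER_LEN + 1)[0]
    return "smb1-rejected" if dialect_index == 0xFFFF else "smb1-enabled"


def probe_smb1(host: str, port: int = 445, timeout: float = 3.0) -> str:
    """Connect, send the NEGOTIATE, and classify whatever comes back."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_smb1_negotiate())
            reply = sock.recv(1024)
    except OSError:
        reply = b""                              # refused, reset or timed out
    return classify_negotiate_response(reply)


def constructed_negotiate_response(dialect_index: int) -> bytes:
    """Constructed test data shaped like a Windows SMB1 NEGOTIATE response
    (WordCount=17 for NT LM 0.12) with the given DialectIndex; not a real capture."""
    params = struct.pack("<BH", 17, dialect_index) + b"\x00" * 32   # 17 words = 34 bytes
    body = _smb1_header(0x98) + params + struct.pack("<H", 0)       # ByteCount = 0
    return _nbt_frame(body)


if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:
        print(f"{target}: {probe_smb1(target)}")
```

Run it as `python smb1_probe.py 10.0.0.5 10.0.0.6`. A result of 'smb1-enabled' only says the host is reachable over the protocol EternalBlue abuses; it does not say whether MS17-010 is installed, so confirm patch status on the host itself (for example by listing installed updates) or with a vulnerability scanner's MS17-010 check before treating the host as safe.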

What are the Consequences of a DBGer Ransomware Attack?

The DBGer Ransomware targets user-generated files, including documents, media files and other data files, while leaving Windows system files and executable applications alone. The DBGer Ransomware uses AES encryption to make these files inaccessible. The files targeted by the DBGer Ransomware's attack include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .zip.

The DBGer Ransomware’s Data Collecting Module

Although the DBGer Ransomware otherwise behaves like most encryption ransomware Trojans, it has drawn the attention of PC security researchers because it bundles Mimikatz, a widely used open-source credential-dumping tool, and runs it on the victim's computer. Mimikatz reads the memory of the Windows Local Security Authority process (LSASS) and extracts logon credentials such as plaintext passwords, NTLM hashes and Kerberos tickets for the accounts that have signed in to that machine. The criminals can reuse these credentials to move laterally to other computers, which makes an initial infection on a machine that belongs to a business network or another high-profile target particularly dangerous.
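Detection logic for the credential harvesting described above, as an added example that is not part of the original page: Sysmon ProcessAccess records (Event ID 10) are parsed from a flattened key=value export and flagged when a process opens lsass.exe with the access masks that Mimikatz's sekurlsa commands commonly request. The export format, the sample records and the allowlist of legitimate sources are constructed assumptions for this illustration; the mask values and field names are Sysmon's, and the logic is generic to Mimikatz-style dumping rather than DBGer-specific telemetry.

```python
"""Flag Sysmon ProcessAccess (Event ID 10) records consistent with Mimikatz-style
LSASS credential dumping.  Generic detection for the technique; not DBGer-specific
telemetry.  Input format is a constructed 'Key=Value|Key=Value' flat export.
"""

LSASS_SUFFIX = r"\lsass.exe"

# GrantedAccess masks commonly seen when Mimikatz's sekurlsa module opens lsass.exe:
# PROCESS_VM_READ | PROCESS_QUERY_(LIMITED_)INFORMATION variants, or full access.
SUSPICIOUS_MASKS = {0x1010, 0x1410, 0x1438, 0x143A, 0x1FFFFF}

# Assumed allowlist of sources that legitimately open lsass.exe with these masks;
# tune per environment (EDR and AV engines are the usual entries).
ALLOWLIST = {r"c:\program files\windows defender\msmpeng.exe"}


def parse_event(line: str) -> dict:
    """Split one flat record into a field dictionary."""
    fields = {}
    for part in line.strip().split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def is_suspicious_lsass_access(event: dict) -> bool:
    """True when a non-allowlisted process opened lsass.exe with a dumping-style mask."""
    if event.get("EventID") != "10":
        return False
    if not event.get("TargetImage", "").lower().endswith(LSASS_SUFFIX):
        return False
    try:
        mask = int(event.get("GrantedAccess", "0"), 16)
    except ValueError:
        return False                      # malformed mask: do not alert on garbage
    if mask not in SUSPICIOUS_MASKS:
        return False
    return event.get("SourceImage", "").lower() not in ALLOWLIST


def flag_lsass_access(lines) -> list:
    """Return the parsed records that match the detection."""
    return [ev for ev in map(parse_event, lines) if is_suspicious_lsass_access(ev)]


# Constructed sample records (paths and file names invented for the illustration).
SAMPLE_LOG = [
    r"EventID=10|SourceImage=C:\Program Files\Windows Defender\MsMpEng.exe|TargetImage=C:\Windows\system32\lsass.exe|GrantedAccess=0x1410",
    r"EventID=10|SourceImage=C:\Users\Public\update.exe|TargetImage=C:\Windows\system32\lsass.exe|GrantedAccess=0x1010",
    r"EventID=10|SourceImage=C:\Windows\system32\svchost.exe|TargetImage=C:\Windows\system32\lsass.exe|GrantedAccess=0x1000",
    r"EventID=1|Image=C:\Windows\system32\cmd.exe|CommandLine=cmd.exe /c whoami",
    r"EventID=10|SourceImage=C:\Windows\Temp\k.exe|TargetImage=C:\Windows\system32\lsass.exe|GrantedAccess=0x1FFFFF",
]


if __name__ == "__main__":
    for hit in flag_lsass_access(SAMPLE_LOG):
        print(f"ALERT lsass access: {hit['SourceImage']} mask={hit['GrantedAccess']}")
```

Of the five constructed records, only the two unallowlisted processes using dumping-style masks are flagged; the Defender engine is allowlisted, the svchost.exe record uses a query-only mask (0x1000) that does not permit reading LSASS memory, and the Event ID 1 record is not a ProcessAccess event at all. In production the allowlist should be built from your own baseline rather than copied from here.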

The DBGer Ransomware’s Ransom Demands

The DBGer Ransomware demands a payment of 1 Bitcoin (approximately 7,000 USD at the June 2018 exchange rate) to decrypt the affected files. Victims can identify the files encrypted by the DBGer Ransomware because it appends the extension '.dbger' to each affected file's name. The DBGer Ransomware delivers its ransom note in a text file named '_How_to_decrypt_files.txt' dropped on the infected computer's desktop. The following is the full text of the DBGer Ransomware ransom note:

'Some files have been encrypted
Please send ( 1 ) bitcoins to my wallet address
If you paid, send the machine code to my email I will give you key
If there is no payment within three days,
we will no longer support decryption
If you exceed the payment time, your data will be open to the public download
we support decrypting the test file.
send three small than 3 MB files to the email address

BTC wallet [random characters]
Email:dbger@protonmail[.]com
Your HardwareID: [random characters]'
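A triage sweep for the artifacts described above, written as an added example for this write-up and not code from the original page or from the malware's authors: it walks a mounted volume, counts files carrying the appended '.dbger' extension by their original extension, finds the '_How_to_decrypt_files.txt' note, and pulls the wallet, contact address and HardwareID out of it for the incident record. The directory tree and note text it self-tests against are constructed (the wallet and HardwareID values are placeholders; the contact address is the defanged one quoted above).

```python
"""Triage sweep for DBGer artifacts on a mounted volume: count '.dbger' files by
original extension, locate '_How_to_decrypt_files.txt', and extract the note's
indicator fields for the incident record."""
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".dbger"
NOTE_NAME = "_How_to_decrypt_files.txt"

# Field patterns follow the note layout quoted in the write-up.
NOTE_FIELDS = {
    "btc_wallet": re.compile(r"^BTC wallet\s+(\S+)", re.MULTILINE),
    "email": re.compile(r"^Email:\s*(\S+)", re.MULTILINE),
    "hardware_id": re.compile(r"^Your HardwareID:\s*(\S+)", re.MULTILINE),
}


def parse_ransom_note(text: str) -> dict:
    """Pull indicator fields from the note body; fields that are absent map to None."""
    found = {}
    for name, pattern in NOTE_FIELDS.items():
        match = pattern.search(text)
        found[name] = match.group(1) if match else None
    return found


def sweep(root: Path) -> dict:
    """Walk `root` and summarise encrypted files and ransom notes."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath, name)
            if name.lower().endswith(ENCRYPTED_SUFFIX):
                encrypted.append(path)
            elif name == NOTE_NAME:
                notes.append(path)
    # DBGer appends '.dbger', so the original extension sits just before it
    # (e.g. 'budget.xlsx.dbger' -> '.xlsx').
    by_ext = Counter(
        Path(p.name[: -len(ENCRYPTED_SUFFIX)]).suffix.lower() or "(none)" for p in encrypted
    )
    indicators = [parse_ransom_note(p.read_text(errors="replace")) for p in notes]
    return {
        "encrypted_count": len(encrypted),
        "by_extension": dict(by_ext),
        "note_count": len(notes),
        "indicators": indicators,
    }


# Constructed note text: wallet and HardwareID are placeholders, the contact
# address is the defanged one from the write-up.
SAMPLE_NOTE = (
    "Some files have been encrypted\n"
    "Please send ( 1 ) bitcoins to my wallet address\n"
    "\n"
    "BTC wallet 1ConstructedWalletPlaceholder0000000\n"
    "Email:dbger@protonmail[.]com\n"
    "Your HardwareID: 0123456789ABCDEF\n"
)


def build_sample_tree(root: Path) -> None:
    """Lay down a constructed mini victim profile: three encrypted user files,
    an untouched executable, and one note on the desktop."""
    docs = root / "Users" / "alice" / "Documents"
    pics = root / "Users" / "alice" / "Pictures"
    desktop = root / "Users" / "alice" / "Desktop"
    for d in (docs, pics, desktop, root / "Windows"):
        d.mkdir(parents=True)
    (docs / "budget.xlsx.dbger").write_bytes(b"\x00" * 16)
    (docs / "thesis.docx.dbger").write_bytes(b"\x00" * 16)
    (pics / "holiday.jpg.dbger").write_bytes(b"\x00" * 16)
    (root / "Windows" / "notepad.exe").write_bytes(b"MZ")  # executables are not targeted
    (desktop / NOTE_NAME).write_text(SAMPLE_NOTE)


def demo() -> dict:
    """Build the constructed tree in a scratch directory, sweep it, return the summary."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return sweep(root)


if __name__ == "__main__":
    import sys
    print(sweep(Path(sys.argv[1])) if len(sys.argv) > 1 else demo())
```

Point `sweep()` at a read-only mount of the affected volume rather than the live system so the triage itself does not alter timestamps, and record the extracted wallet, e-mail and HardwareID alongside the per-extension counts; the HardwareID in particular is what the criminals key decryption to, so it ties a note to a specific machine.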

Dealing with a DBGer Ransomware Infection

Unfortunately, once the DBGer Ransomware has encrypted a file, that file cannot be recovered without the decryption key, which is held by the criminals responsible for the attack. Even so, victims should not pay the ransom: paying funds the continued distribution of threats like the DBGer Ransomware, puts the victim at risk of further attacks, and carries no guarantee that a working key will be supplied. Instead, affected files should be restored from backup copies kept in the cloud or on external storage devices that were not connected to the infected computer during the attack, after the infection has been removed. Because the threat also harvests credentials with Mimikatz, the passwords of any accounts that had signed in to the infected computer should be changed as well.
