
DBL Ransomware

By GoldSparrow in Ransomware

The DBL Ransomware is an encryption ransomware Trojan based on HiddenTear, an open-source encryption ransomware platform that has been active since 2015 and has been the basis for countless Trojans of this type. The DBL Ransomware was first observed on February 9, 2019, and carries out a typical version of this attack, encrypting victims' files to hold them hostage and then demanding a ransom payment from the victim. Computer users need to take steps to ensure that their data is safe from threats like the DBL Ransomware.

How the DBL Ransomware Trojan Attacks Your Computer

The DBL Ransomware uses AES encryption to make victims' files inaccessible, encrypting them and then marking them with the file extension '.rekt'. Typically, the DBL Ransomware is delivered to victims' computers through corrupted spam email attachments and bogus file downloads. The DBL Ransomware seeks to take the victim's computer hostage in its attack, making the victim's files inaccessible and disabling other methods of recovering data, such as System Restore or the Shadow Volume Copies of the encrypted data. Therefore, the best protection against the DBL Ransomware is to have file backups, since the files encrypted by the DBL Ransomware cannot otherwise be decrypted. Threats like the DBL Ransomware target files with the following extensions in these attacks:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The DBL Ransomware's Ransom Demand

The DBL Ransomware demands a ransom by delivering a text file named 'open_IT.txt' to the affected computer after using AES encryption to make the victim's files inaccessible. The DBL Ransomware ransom note contains the following text, which demands a ransom payment in exchange for the decryption software needed to restore the affected files:

'You got rekt by DBL_Ransomware.
Send me 15$ in bitcoins to the goddam files back.
My BTC wallet address is 1GUqMDMs8xK94sonsty4YU86ecSNQ1zDz2
Send your PC name + transaction ID on'

Computer users should refrain from paying the DBL Ransomware ransom. Even if the ransom is not as high as those associated with most encryption ransomware Trojans, the criminals rarely help victims restore their files and will typically target computer users who pay the ransom with additional attacks or tactics. Computer users should restore any data compromised by the DBL Ransomware attack from backup copies instead of considering paying the ransom. This is why having file backups stored safely is the best protection against most encryption ransomware Trojans like the DBL Ransomware: the criminals lose all of their leverage when the victims of the attack can respond by restoring the compromised data from a backup.
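The two file-system indicators described above, the '.rekt' extension and the 'open_IT.txt' note, can be used to scope an infection and build the list of files to restore from backup. The Python script below is an added example and not part of the original article; the function names and the sample tree are constructed for illustration, and it assumes the '.rekt' marker is appended to the original file name.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER_EXT = ".rekt"       # extension named in the article
NOTE_NAME = "open_it.txt"  # ransom note 'open_IT.txt', compared case-insensitively


def triage(root):
    """Walk root and collect files carrying either of the two indicators."""
    encrypted, notes, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = Path(dirpath) / name
            if name.lower() == NOTE_NAME:
                notes.append(path)
            elif name.lower().endswith(MARKER_EXT):  # suffix match, not substring
                encrypted.append(path)
                per_dir[dirpath] += 1
    return {"encrypted": sorted(encrypted), "notes": sorted(notes), "per_dir": per_dir}


def restore_list(report, root):
    """Original relative paths to pull from backup.
    Assumption: the marker was appended to the original file name."""
    return sorted(p.relative_to(root).as_posix()[: -len(MARKER_EXT)]
                  for p in report["encrypted"])


def build_sample(root):
    """Constructed sample tree: empty files, names only."""
    for rel in ["docs/report.docx.rekt", "docs/budget.xlsx.REKT", "docs/notes.txt",
                "pics/cat.jpg.rekt", "pics/direkt.png", "Desktop/open_IT.txt"]:
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.touch()


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        report = triage(tmp)
        return restore_list(report, tmp), len(report["notes"]), sum(report["per_dir"].values())


if __name__ == "__main__":
    to_restore, note_count, hit_count = demo()
    print(f"{hit_count} encrypted file(s), {note_count} ransom note(s)")
    for rel in to_restore:
        print("restore from backup:", rel)
```

Directories with hits in `per_dir` but no matching entries in the backup set are the ones to check first for unrecoverable data.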
