DCRTR-WDM Ransomware

By GoldSparrow in Ransomware

The DCRTR-WDM Ransomware is a ransomware Trojan that is a variant of the DCRTR Ransomware, which was first observed in February 2018. The DCRTR-WDM Ransomware variant was first observed in early November 2018 and carries out an attack that is nearly identical to the one executed by its predecessor. The DCRTR-WDM Ransomware, like most ransomware Trojans, is designed to take the victims' files hostage and then demand a ransom payment.

What Are the Consequences of a DCRTR-WDM Ransomware Attack?

The DCRTR-WDM Ransomware is commonly delivered using spam email attachments. Once installed, the DCRTR-WDM Ransomware uses strong encryption to make the victim's files inaccessible. The DCRTR-WDM Ransomware targets user-generated files and renames each affected file by adding a new file extension, '.crypt,' to the file's name. The files targeted by the DCRTR-WDM Ransomware in its attack include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The DCRTR-WDM Ransomware's Ransom Demand

The DCRTR-WDM Ransomware delivers a ransom note in the form of a text file named 'HOW TO DECRYPT FILES.txt.' The DCRTR-WDM Ransomware's ransom note is identical to some used by other known ransomware Trojans and contains the following text:

'UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED
FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE WILL BE DECRYPTION ERRORS
Attention!
All your files, documents, photos, databases and other important files are encrypted and have the extension: .CRYPT
The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.
The server with your key is in a closed network TOR. You can get there by the following ways:
----------------------------------------------------------------------------------------
| 0. Download Tor browser - h[tt]ps://www.torproject[.]org/
| 1. Install Tor browser
| 2. Open Tor Browser
| 3. Open link in TOR browser: h[tt]p://crypt443sgtkyz4l[.]onion/
| 4. Follow the instructions on this page
----------------------------------------------------------------------------------------
On our page you will see the payment instructions and will be able to decrypt 1 file for free with the extension ".exe".
Attention!
TO PREVENT DATA CORRUPTION:
- do not modify files with extension.crypt
- do not run anti-virus programs, they may remove information to contact us
- do not download third-party file descriptors, only we can decrypt files!'

The DCRTR-WDM Ransomware's ransom shouldn't be paid unless it is the only solution. Unfortunately, once the DCRTR-WDM Ransomware encrypts the files, they may not be recoverable without the decryption key. However, victims who have file backups can recover from a DCRTR-WDM Ransomware attack by replacing the affected files with their backup copies.
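
To scope an infection using the two indicators described above (the appended '.crypt' extension and the 'HOW TO DECRYPT FILES.txt' note) and to see which affected files have a backup copy, a responder could use a triage script like the following. It is an added example, not part of the original article; the function names are hypothetical, and it assumes the backup mirrors the directory layout of the affected tree.

```python
import os
import tempfile

NOTE_NAME = "how to decrypt files.txt"  # ransom note file name given in the article
ENC_SUFFIX = ".crypt"                   # extension the article says is appended


def triage(root):
    """Return (dirs_with_note, encrypted); encrypted holds
    (path_of_encrypted_file, same_path_with_original_name) pairs."""
    note_dirs, encrypted = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()  # the note itself writes the extension as .CRYPT
            if lower == NOTE_NAME:
                note_dirs.append(dirpath)
            elif lower.endswith(ENC_SUFFIX) and len(name) > len(ENC_SUFFIX):
                full = os.path.join(dirpath, name)
                encrypted.append((full, full[:-len(ENC_SUFFIX)]))
    return sorted(note_dirs), sorted(encrypted)


def restore_plan(root, backup_root):
    """Pair each encrypted file with its copy in a backup that mirrors root
    (assumed layout); the backup path is None when no copy exists."""
    _notes, encrypted = triage(root)
    plan = []
    for enc_path, original in encrypted:
        candidate = os.path.join(backup_root, os.path.relpath(original, root))
        plan.append((enc_path, candidate if os.path.isfile(candidate) else None))
    return plan


def demo():
    """Build a constructed sample tree and backup, then return the results."""
    base = tempfile.mkdtemp()
    live, backup = os.path.join(base, "live"), os.path.join(base, "backup")
    for rel in ("docs/report.docx.crypt", "docs/HOW TO DECRYPT FILES.txt",
                "docs/notes.txt", "pics/cat.jpg.CRYPT"):
        path = os.path.join(live, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    os.makedirs(os.path.join(backup, "docs"))
    open(os.path.join(backup, "docs", "report.docx"), "w").close()
    notes, _encrypted = triage(live)
    return live, backup, notes, restore_plan(live, backup)


if __name__ == "__main__":
    live, backup, notes, plan = demo()
    print("ransom notes in:", notes)
    for enc, src in plan:
        print(enc, "<-", src or "NO BACKUP COPY")
```

Files reported with no backup copy are the ones for which restoring from backup, as described above, is not an option.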
