
DCry Ransomware

By GoldSparrow in Ransomware

The DCry Ransomware, first observed in early July 2017, is an encryption ransomware Trojan that takes the victims' files hostage. The DCry Ransomware may be installed after the victim opens a file that runs a corrupted macro script on the infected PC. These files, which may take the form of Microsoft Word documents, may be delivered to victims through spam email messages. Once the DCry Ransomware is installed on the victim's computer, it will encrypt the contents of the victim's drives and demand a ransom payment in exchange for the decryption key necessary to recover the affected files.

Looks Like the Word 'Cry' Is Favored by Ransomware Developers

The DCry Ransomware receives its name because it marks the files encrypted by the attack by adding the file extension '.dcry' to the end of each affected file's name. The DCry Ransomware is very similar to countless other encryption ransomware Trojans that are currently active. During the infection process, the DCry Ransomware will scan the victim's drives, shared network directories, and external memory devices linked to the infected computer. The DCry Ransomware will use AES 256 encryption to make the files in these locations unreadable. The DCry Ransomware will avoid the files necessary for Windows to function and, instead, will target user-generated files with common file extensions. Some of the file types that are typically encrypted in attacks like the DCry Ransomware include:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr.

How the DCry Ransomware Demands Its Ransom Payment

After encrypting its victims' files, the DCry Ransomware will demand the payment of a ransom from the victim. To do this, the DCry Ransomware will display a text file named 'HOW_TO_DECRYPT.txt' on the infected computer. This file includes a short message and an email address, which the victims must contact to obtain instructions on how to decrypt the affected files. The following is the short text message contained in the DCry Ransomware ransom note:

'Files has been encrypted.
If you want to decrypt, please, write me to e-mail: bbqb@protonmail.com
Your key: [RANDOM CHARACTERS]'

While some computer users may be tempted to contact the email address contained in the DCry Ransomware ransom note, PC security researchers strongly advise computer users to refrain from doing this. The ransoms demanded by Trojans like the DCry Ransomware are at least several hundred dollars and may be well beyond one thousand dollars. Even in cases where the ransom is paid, there is a very low chance that the con artists will restore the victim's files to their original state.

Dealing with Ransomware Trojans Like the DCry Ransomware

If the DCry Ransomware has been installed on your computer, the best course of action is to recover your files from a backup copy. Apart from the fact that paying the DCry Ransomware ransom will rarely result in a real solution, giving money to the people responsible for these attacks simply helps them finance additional threat variants. Furthermore, victims of these attacks who pay the ransom amount may be targeted for additional attacks and reinfection. Instead of paying the DCry Ransomware ransom, use a reliable security program that is fully up-to-date to remove all traces of the DCry Ransomware Trojan from the infected computer. The affected files should then be replaced with a backup copy. Unfortunately, the files encrypted by the DCry Ransomware cannot be decrypted without the decryption key.
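
To size up an infection before restoring from backup, the two indicators named in this article, the '.dcry' extension and the 'HOW_TO_DECRYPT.txt' note, can be swept for with a short script. The following is an added example, not part of the original article; the function names, the report layout and the handling of the note's text encoding are assumptions.

```python
import os
import re
import sys
from collections import defaultdict

ENCRYPTED_EXT = ".dcry"            # extension the article says is appended
NOTE_NAME = "how_to_decrypt.txt"   # ransom note name from the article, lower-cased
# Wording quoted in the article's ransom note, matched loosely.
NOTE_MARKERS = (re.compile(r"files\s+has\s+been\s+encrypted", re.I),
                re.compile(r"your\s+key\s*:", re.I))


def note_status(path, max_bytes=4096):
    """Return 'confirmed' if the file carries the quoted wording, else 'name-only'."""
    try:
        with open(path, "rb") as fh:
            raw = fh.read(max_bytes)
    except OSError:
        return "unreadable"
    # Assumption: note encoding is unknown; dropping NULs also handles UTF-16 text.
    text = raw.replace(b"\x00", b"").decode("utf-8", errors="replace")
    return "confirmed" if all(m.search(text) for m in NOTE_MARKERS) else "name-only"


def triage(root):
    """Walk root; per directory, list .dcry files, pre-encryption names and note status."""
    report = defaultdict(lambda: {"encrypted": [], "restore": [], "note": None})
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                report[dirpath]["encrypted"].append(name)
                # The extension is appended, so stripping it gives the backup name.
                report[dirpath]["restore"].append(name[:-len(ENCRYPTED_EXT)])
            elif lower == NOTE_NAME:
                report[dirpath]["note"] = note_status(os.path.join(dirpath, name))
    return dict(report)


if __name__ == "__main__":
    for folder, hit in sorted(triage(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(f"{folder}: {len(hit['encrypted'])} encrypted, note={hit['note']}")
        for original in sorted(hit["restore"]):
            print(f"  restore from backup: {original}")
```

Run it against a mounted copy of the affected drive or share; the "restore" names are the file names to look up in the backup set.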
