
DDE Ransomware

By GoldSparrow in Ransomware

PC security analysts first observed the DDE Ransomware, an encryption ransomware Trojan, on July 25, 2018. The DDE Ransomware, as with most threats of this type, is typically delivered to the victims' computers through corrupted email messages containing Microsoft Word file attachments with embedded macros that download and install the DDE Ransomware onto the victim's computer. The DDE Ransomware is not a new threat but, rather, is a variant of preexisting encryption ransomware threats.

How the DDE Ransomware will Affect Your Files

The DDE Ransomware carries out a typical version of these attacks. The DDE Ransomware uses a strong AES encryption algorithm to make the victim's files inaccessible. The DDE Ransomware targets user-generated files, such as media files, images, databases, and numerous other document types. The files that threats like the DDE Ransomware will target in their attacks include:

.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.

The DDE Ransomware marks the files it compromises by adding the file extension '.encrypted' to the end of each affected file's name. The DDE Ransomware will also change the infected computer's desktop background, replacing it with a red screen with the following message:

'YOU ARE HACKED
ALL YOUR FILES HAS BEEN ENCRYPTED.
IF YOU WANT RESTORE YOUR DATA YOU HAVE TO PAY!
CONTACT US: no-reply@gmail.com'

The DDE Ransomware also delivers a message in the form of a Windows error notification labeled 'HACKER' that reads as follows:

'Your important files are encrypted.
If you need them, You can find my KEY to decrypt.
GOOD LUCK!!!'

Since the DDE Ransomware uses an invalid email address for contact, it is currently impossible to pay a ransom or contact the criminals responsible for the DDE Ransomware attack. This raises the possibility that the version of the DDE Ransomware being observed by malware analysts is either in an unfinished state or a test for other infections. In either case, it is mandatory for computer users to take precautions against threats like the DDE Ransomware.
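For scoping an incident, the '.encrypted' marker and the targeted extension list described above can be turned into a simple triage scan. The following Python sketch is an added example, not part of the original report or any vendor tool; it assumes the original extension is preserved before the marker, uses only a subset of the listed extensions, and builds a constructed sample tree. The '.encrypted' suffix is used by other threats as well, so a hit indicates impact, not attribution.

```python
import os
import tempfile
from collections import Counter

MARKER = ".encrypted"  # suffix the page says is appended to affected files

# Subset of the targeted extensions listed on the page (not the full list).
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png",
            ".zip", ".sql", ".bak", ".pst", ".kdbx", ".txt", ".csv"}


def original_extension(filename):
    """Return the pre-encryption extension if the name looks like
    '<name><targeted ext>.encrypted', else None."""
    lower = filename.lower()
    if not lower.endswith(MARKER):
        return None
    ext = os.path.splitext(lower[:-len(MARKER)])[1]
    return ext if ext in TARGETED else None


def scan(root):
    """Walk root and count marked files per directory and per original type."""
    by_dir, by_ext = Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = original_extension(name)
            if ext:
                by_dir[os.path.relpath(dirpath, root)] += 1
                by_ext[ext] += 1
    return by_dir, by_ext


def demo():
    """Build a constructed sample tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Documents", "tax"))
        samples = ["Documents/report.docx.encrypted",
                   "Documents/tax/2017.xlsx.encrypted",
                   "Documents/tax/scan.PDF.encrypted",
                   "Documents/notes.txt",          # untouched file
                   "Documents/vault.encrypted"]    # marker, no targeted ext
        for rel in samples:
            open(os.path.join(root, *rel.split("/")), "w").close()
        return scan(root)


if __name__ == "__main__":
    dirs, exts = demo()
    print(dict(dirs), dict(exts))
```

The per-directory counts show where restoration from backup is needed, and the per-extension counts show which data types were hit.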

Protecting Your Data from Threats Like the DDE Ransomware

The best precaution against threats like the DDE Ransomware is to have a suitable security program and file backups stored on portable devices. Having file backups ensures that your files are safe from intrusion and prevents you from losing your data permanently after an attack perpetrated by a threat like the DDE Ransomware. Since threats like the DDE Ransomware are often delivered to the victims through corrupted email attachments in spam email messages, it is also essential to learn to recognize these messages and tactics and respond to them appropriately. A combination of security software, file backups, and safe practices online is the best protection against threats like the DDE Ransomware.
