DDT Ransomware

By GoldSparrow in Ransomware

Malware researchers recently discovered a new data-locking Trojan, which was given the name DDT Ransomware. Upon further inspection, cybersecurity experts concluded that the DDT Ransomware is a variant of the infamous Globe Imposter 2.0 Ransomware.

It cannot be confirmed what propagation method has been employed in spreading the DDT Ransomware, but it is likely that the authors of the threat used spam email campaigns containing corrupted attachments, faux software updates, and pirated software to spread their creation. If the DDT Ransomware penetrates a system successfully, it will begin its attack by scanning it. The scan is meant to find the locations of all the files that the DDT Ransomware was programmed to lock. When the data is located, the DDT Ransomware will begin the encryption process.

When the DDT Ransomware encrypts a file, it appends a new extension to the end of the file name: '.{dresdent@protonmail.com}DDT'. This means that a file you had originally named 'pizza-box.png' will have its name altered to 'pizza-box.png.{dresdent@protonmail.com}DDT'. Next, the DDT Ransomware drops a ransom note that goes by the name 'how_to_back_files.hmtl'. The attackers do not state what ransom fee is required for the victim to receive a decryption key. However, the authors of the DDT Ransomware ask the user to contact them via email at dresdent@protonmail.com.
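For responders scoping an incident, the two indicators described above (the appended extension and the ransom note name) are enough to inventory affected directories. The following is an added example, not code from the original article; the function names and the sample directory tree are assumptions constructed for illustration, and the sample files are empty placeholders.

```python
import os
import tempfile
from collections import defaultdict

# Indicators exactly as given in the article above.
LOCKED_SUFFIX = ".{dresdent@protonmail.com}DDT"
NOTE_NAME = "how_to_back_files.hmtl"  # spelling as printed in the article


def original_name(filename):
    """Return the pre-encryption name, or None if the file is not marked."""
    # Case-insensitive compare, since Windows file names are case-insensitive.
    marked = filename.lower().endswith(LOCKED_SUFFIX.lower())
    if marked and len(filename) > len(LOCKED_SUFFIX):
        return filename[: -len(LOCKED_SUFFIX)]
    return None


def triage(root):
    """Map each affected directory to its renamed files and note presence."""
    report = defaultdict(lambda: {"locked": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            orig = original_name(name)
            if orig is not None:
                report[dirpath]["locked"].append(orig)
            elif name.lower() == NOTE_NAME:
                report[dirpath]["note"] = True
    return dict(report)


def build_sample_tree():
    """Constructed sample data: empty files that only mimic the naming."""
    root = tempfile.mkdtemp(prefix="ddt_triage_")
    pics = os.path.join(root, "Pictures")
    docs = os.path.join(root, "Documents")
    os.makedirs(pics)
    os.makedirs(docs)
    for path in (
        os.path.join(pics, "pizza-box.png" + LOCKED_SUFFIX),
        os.path.join(pics, NOTE_NAME),
        os.path.join(docs, "notes.txt"),  # untouched file
    ):
        open(path, "w").close()
    return root


if __name__ == "__main__":
    for d, info in sorted(triage(build_sample_tree()).items()):
        print(d, "locked:", info["locked"], "note:", info["note"])
```

Directories that contain neither a renamed file nor a note are left out of the report, so the result doubles as a list of locations to check against backups.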

The advice is to stay as far away from cyber crooks as possible. Paying them will not only fund their future operations but may not even grant you the decryption tool that they promise. Instead, you should look into obtaining a legitimate antivirus suite, which would wipe the DDT Ransomware off your computer.