
Decme Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 2
First Seen: April 20, 2010
Last Seen: November 28, 2020
OS(es) Affected: Windows

The Decme Ransomware is a new malware threat that has been discovered by infosec researchers. The criminals responsible for unleashing the Decme Ransomware in the wild want to lock their victims' computers with a powerful cryptographic algorithm and then extort them for a potential restoration. It should be noted that the Decme Ransomware is not a wholly unique threat - analysis reveals that it is a variant belonging to the VoidCrypt Ransomware family. As such, the behavior of the threat remains largely in line with what has been observed with previous VoidCrypt variants.

When the Decme Ransomware infiltrates a computer successfully, it initiates an encryption process that affects a wide range of file types, including the most popular ones such as MS Office files, audio, video, and picture files, PDFs, databases, etc. Every encrypted file will have its original name changed significantly. First, the Decme Ransomware will append the email address 'Files2021@tutanota.com'. Then it places a string of characters that forms the unique ID of the specific victim. Finally, '.decme' will be added as a new extension. Text files named '!INFO.HTA' and carrying the ransom note of the threat will be created in every folder containing encrypted data.
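The renaming scheme above can be turned into a triage check over a file listing. The following is an added example, not part of the original page: the function and variable names are hypothetical, and because the page gives only the order of the parts (address, victim ID, extension), the pattern assumes an alphanumeric ID and tolerates any punctuation between the parts.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

CONTACT = "Files2021@tutanota.com"  # address the page says is added to file names
EXTENSION = ".decme"                # final extension named on the page
NOTE_NAME = "!info.hta"             # ransom note name from the page, lowercased

# Assumption: delimiters around the address and ID are unknown, so any run of
# punctuation is accepted; the victim ID is assumed to be alphanumeric.
RENAMED = re.compile(
    r"^(?P<original>.+?)[\W_]*" + re.escape(CONTACT)
    + r"[\W_]*(?P<victim_id>[A-Za-z0-9]+)?[\W_]*" + re.escape(EXTENSION) + r"$",
    re.IGNORECASE,
)

def triage(paths):
    """Group paths by folder and report renamed files, victim IDs and notes."""
    folders = defaultdict(lambda: {"encrypted": [], "victim_ids": set(), "note": False})
    for raw in paths:
        p = PureWindowsPath(raw)
        entry = folders[str(p.parent)]
        if p.name.lower() == NOTE_NAME:
            entry["note"] = True
            continue
        m = RENAMED.match(p.name)
        if m:
            # Record the pre-encryption name to help match files against backups.
            entry["encrypted"].append(m.group("original"))
            if m.group("victim_id"):
                entry["victim_ids"].add(m.group("victim_id"))
    # Keep only folders that show at least one indicator.
    return {d: e for d, e in folders.items() if e["note"] or e["encrypted"]}

SAMPLE = [  # constructed paths, not taken from a real incident
    r"C:\Users\alice\Documents\report.docx.[Files2021@tutanota.com][AB12CD34].decme",
    r"C:\Users\alice\Documents\budget.xlsx.[Files2021@tutanota.com][AB12CD34].decme",
    r"C:\Users\alice\Documents\!INFO.HTA",
    r"C:\Users\alice\Pictures\cat.jpg",
    r"C:\Users\alice\Music\notes.decme.txt",
]

if __name__ == "__main__":
    for folder, info in triage(SAMPLE).items():
        print(folder, len(info["encrypted"]), sorted(info["victim_ids"]), info["note"])
```

Feeding it a recursive listing from a file server or a mounted backup shows which folders were reached and which original file names need to be restored.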

Reading the instructions left by the hackers reveals that they want to receive a payment made in Bitcoin before they hand over the decryption tool in their possession. The criminals also threaten to double the ransom amount when 48 hours elapse. Victims are offered the chance to send files that will be decrypted for free, either to the email address also found in the names of the encrypted files or to the alternate address 'Files2020@mailfence.com'.

The full text of the Decme Ransomware's note is:

'!!! Your Files Has Been Encrypted !!!
♦ your files has been locked with highest secure cryptography algorithm ♦
♦ there is no way to decrypt your files without paying and buying Decryption tool♦
♦ but after 48 hour decryption price will be double♦
♦ you can send some little files for decryption test♦
♦ test file should not contain valuable data♦
♦ after payment you will get decryption tool ( payment Should be with Bitcoin)♦
♦ so if you want your files dont be shy feel free to contact us and do an agreement on price♦
♦ !!! or Delete you files if you dont need them !!!
♦Your ID :-
our Email :Files2021@tutanota.com
In Case Of No Answer :Files2020@mailfence.com.'

Should I Pay the Ransom?

Paying the ransom can seem like a good idea to some. However, security experts suggest that you never give in to criminals and meet their demands. While it is true that there is no way to undo the encryption without their help, it’s also true that they aren’t obligated to help you. There’s no guarantee that they will provide the tools or keys you pay for after getting your money. Many criminals simply disappear and never contact targets again after getting their money. You become the victim of a scam and lose your money and data. The good news is that all is not lost. It may still be possible to restore your damaged files to their former glory.

How to Restore Encrypted Files

The first step to restoring your files is to remove the Decme ransomware. The earlier you get rid of the virus, the better. Leaving it on your computer leaves the chance it could cause more damage. When it comes to recovery, you can try System Restore and similar options first. These solutions are unreliable with ransomware, however, as many viruses delete the Shadow Volume Copies they rely on to work. An external backup would be your best bet. Not everyone keeps a backup, though, so you might not have one. If you don’t, you may find some success with file restoration software. Some tools are created for this very occasion and work better than others for ransomware recovery.

How Does Decme Ransomware Infect Computers?

File encryption malware like this has several ways to get on your computer. Criminals primarily use malspam campaigns to spread ransomware. Attackers write emails to appear legitimate and trick users into clicking on a malicious link or attachment file. Viruses exploit human vulnerabilities, such as curiosity and naivety, before they exploit computer vulnerabilities. These malicious files come in all forms, including Microsoft Office documents, PDF documents, JavaScript files, executable files, and archive files.

How to Avoid Ransomware Infection

The most important thing you can do to keep your computer safe is to be more cautious with emails. Avoid opening links and attachments on emails if you aren’t sure of the sender. Check emails and addresses for minor errors and other red flags. It also helps to download apps and software from reliable sources and official stores and avoid file-sharing peer-to-peer networks. Of course, you should invest in an antivirus program for your computer. These programs catch viruses before they start and remove them for you.
