DEcovid19bot Ransomware

The DEcovid19bot Ransomware is a file-locking Trojan that uses encryption to block access to media such as documents. Depending on the variant, it may insert one of two extensions in their names and drop one of two ransom notes that sell the attacker's unlocking help to victims. Victims should protect their work with proper backups and their PCs with anti-malware products that should remove the DEcovid19bot Ransomware automatically.

The Plague's Next Wave Crashes against Computer Data

The Coronavirus or COVID-19 epidemic is an event that even hackers notice, as readers can see from the campaigns of different Trojans. Still-recent cases include the boot-locking Covid-20 Ransomware, the data-locking CoronaCrypt Ransomware and others. The new DEcovid19bot Ransomware is another point in favor of the theme as part of the payloads of newly-produced threats, even as vaccine distribution becomes a factor in the real-life fight against the disease. This threat also starts life split into two variants, although malware analysts find the differences superficial.

The DEcovid19bot Ransomware is a Windows-compatible Trojan, much like most Trojans that leverage encryption as an attack. It uses its encryption routine to lock content such as documents, images, spreadsheets, music, or movies and prevent them from opening. One version uses the disease-themed 'covid19' extension for these files, while the other appends a far-more-generic 'locked' one. In either case, the file's name doesn't affect the encryption that keeps the file from opening.
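The two extensions described above can drive a first-pass triage sweep of an affected folder. The following is an added example, not code from the original page: it lists files ending in `.covid19` or `.locked` and uses a byte-entropy estimate to separate likely ciphertext from benign files that merely share the generic 'locked' name. The dot-prefixed form of the extensions, the 7.5 bits-per-byte threshold, the sample size, the function names and the constructed sample files are assumptions.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER_EXTENSIONS = (".covid19", ".locked")  # the two extensions named on this page
ENTROPY_THRESHOLD = 7.5   # assumed cut-off, bits per byte (maximum is 8.0)
SAMPLE_BYTES = 64 * 1024  # assumed number of bytes sampled from each file

def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte (0.0 if empty)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def triage(root: str) -> list:
    """Walk root; return (path, entropy, looks_encrypted) for each marked file."""
    findings = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(MARKER_EXTENSIONS):
                continue
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as handle:
                    sample = handle.read(SAMPLE_BYTES)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            entropy = shannon_entropy(sample)
            findings.append((path, round(entropy, 2), entropy >= ENTROPY_THRESHOLD))
    return sorted(findings)

def build_sample_tree() -> str:
    """Create a constructed sample directory (no real malware output involved)."""
    root = tempfile.mkdtemp(prefix="triage_demo_")
    samples = {
        "report.docx.covid19": os.urandom(8192),   # random bytes stand in for ciphertext
        "budget.xlsx.locked": os.urandom(8192),    # random bytes stand in for ciphertext
        "package.locked": b"pid=4242\n" * 200,     # benign lock-style text file
        "notes.txt": b"untouched document\n" * 50,  # carries no marker extension
    }
    for name, content in samples.items():
        Path(root, name).write_bytes(content)
    return root

if __name__ == "__main__":
    print(*triage(build_sample_tree()), sep="\n")
```

High entropy also matches compressed archives and media, so treat a flagged file as a lead for review rather than proof of encryption.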

Although both versions of the DEcovid19bot Ransomware include extortion through text messages, there are minor differences between these ransom notes. The less-generic version references the Coronavirus theme and warns that payment delays will result in price hikes. The other variant merely tells victims that the decryption data will suffer deletion after a period. Interestingly, both versions reference Telegram – a messaging application of particular popularity in Europe.

The Inoculating Shot that Beats Modern Trojans

Malware experts can't yet point to a free decryption solution for victims of the DEcovid19bot Ransomware. Secure encryption routines are quick to implement, even for novice threat actors, and users shouldn't assume that a 'locked' file has any possibility of direct unlocking or decryption. Since the DEcovid19bot Ransomware is specific to Windows platforms, users of most versions of that OS should treat themselves and their files as at risk.

The DEcovid19bot Ransomware's infection strategies aren't known to malware experts, though most Trojans of its class use similar exploits and tactics. Users should review their passwords for brute-force risk, disable browser features like JavaScript that can render websites unsafe, and scan e-mail attachments and downloads from obfuscated links with appropriate threat analysis products. Saving backups onto removable devices and protected servers provides insurance against any encryption-based damage to files.

Up-to-date and reputable security solutions should delete the DEcovid19bot Ransomware in both of its variant forms. Malware experts always recommend them for convenient and thorough disinfection of these threats.

Trojans that ride the wave of current events may or may not incorporate them into their lures and tactics, too. How the DEcovid19bot Ransomware gets into a PC is up in the air, but the damage it does once it's there is all too clear.