Decryption Assistant Ransomware

By GoldSparrow in Ransomware

The Decryption Assistant Ransomware is a ransomware Trojan that PC security analysts observed while tracking samples submitted to online security programs. In many cases, con artists will submit samples of their own threats to online anti-virus platforms to test whether they can bypass established anti-virus programs. The sample of the Decryption Assistant Ransomware that PC security analysts observed is clearly an unfinished work in progress and is not currently associated with any distribution campaign. There are some connections with other ransomware Trojans released around the same dates, including the May Ransomware and the CryptoViki Ransomware.

The Assistant that Doesn’t Provide Good Service

Although the Decryption Assistant Ransomware is still unfinished, it is capable of carrying out an effective ransomware attack, encrypting the victim's files using a strong encryption method. However, the Decryption Assistant Ransomware seems to be limited to the directory 'C:/chiken', carrying out its attack only in this directory (which is unlikely to exist on most computers). This is probably for testing purposes. However, it would be a trivial change to configure the Decryption Assistant Ransomware to target the victim's entire hard drive and external memory devices rather than limiting the attack to what is clearly a testing folder. After the Decryption Assistant Ransomware has finished encrypting the victim's files, it will add the file extension '.pwned' to each encrypted file's name. During its attack, the Decryption Assistant Ransomware will target the files generated by the user. At present, the Decryption Assistant Ransomware is designed to encrypt files of the following types: JPEG, PNG, DOC, DOCX, PPT, PPTX, PDF, EBOOK, XLS, XLSX, 3GP, AVI, MP4 and MPEG. However, just like the path of the targeted directory, the file types that the Decryption Assistant Ransomware targets can easily be expanded to include hundreds of different file extensions with only a simple change to the Decryption Assistant Ransomware's configuration.
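A triage sketch for the indicators described above, added here as an example and not taken from the original analysis: it finds files carrying the '.pwned' extension and checks whether the original file signature is still present, which separates files that were only renamed from files whose contents changed. It assumes the original extension is kept in front of '.pwned' (the naming scheme is not stated above), and the signature table is this example's own mapping for some of the listed file types.

```python
import os

MARKER = ".pwned"  # extension reported on encrypted files

# Leading signature bytes for some of the targeted file types.
# The extension-to-signature mapping is this example's assumption.
OLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy Office container
ZIP = b"PK\x03\x04"                        # OOXML container
MAGIC = {
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n", ".pdf": b"%PDF-", ".avi": b"RIFF",
    ".doc": OLE, ".ppt": OLE, ".xls": OLE,
    ".docx": ZIP, ".pptx": ZIP, ".xlsx": ZIP,
}

def classify(path):
    """Return None if the name lacks the marker, else a triage verdict."""
    name = os.path.basename(path).lower()
    if not name.endswith(MARKER):
        return None
    # Assumption: the original extension survives before the marker
    # (photo.jpg.pwned). If it does not, the type cannot be inferred.
    inner_ext = os.path.splitext(name[:-len(MARKER)])[1]
    magic = MAGIC.get(inner_ext)
    if magic is None:
        return "unverified"  # no signature to compare against
    try:
        with open(path, "rb") as fh:
            head = fh.read(len(magic))
    except OSError:
        return "unreadable"
    # An intact header means the file was renamed but its start is unchanged.
    return "header-intact" if head == magic else "header-destroyed"

def scan(root):
    """Walk root and return {path: verdict} for every marked file."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            verdict = classify(full)
            if verdict:
                hits[full] = verdict
    return hits
```

A "header-destroyed" verdict is consistent with encryption but does not prove it; restore such files from backup rather than trying to repair them.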

The Decryption Assistant Ransomware’s Ransom Note

After encrypting the victim's files, the Decryption Assistant Ransomware will display a ransom note in the form of a program window with the title 'Decryption Assistant.' This message tells the victim that there is only one hour to pay the ransom (with a countdown timer) and demands that the victim pay a large ransom in Bitcoin. The following is the full message that is displayed in the Decryption Assistant Ransomware ransom note:

'YOUR OPERATING SYSTEM AND DATA HAS BEEN COMPROMISED
All important data including your personal pictures, music, videos, documents and many more has been encrypted. The data cannot be recovered unless a fee has been paid to decrypt them.
The private decryption key for the data has been stored on our server and will be sent to this computer once the payment is sent. Any attempt to removing this software will lead an immediate destruction to the private key.
To obtain your decryption key, you will first need a bitcoin wallet to send us the payment. You can start the process by clicking which will start the payment process.
We advise you immediately buy the bitcoins before the countdown timer drops to zero which will immediately destroy your private key.
Time Remaining
Private Key Destruction in
[COUNTDOWN 1 HOUR]'

Dealing with Threats Like the Decryption Assistant Ransomware

Since the Decryption Assistant Ransomware is clearly a work in progress, in its current form it is not capable of carrying out attacks beyond the directory mentioned previously. However, it is very likely that some form of the Decryption Assistant Ransomware capable of carrying out full-fledged attacks will be released to victims. It is important to take preventive measures to limit the damage caused by these threats. Our PC security researchers recommend that computer users have a reliable backup system coupled with a reputable anti-malware application that is fully up-to-date.
