DecService Ransomware

The DecService Ransomware is an encryption ransomware Trojan that was first observed on November 28, 2018. The DecService Ransomware's main targets seem to be Web servers and business networks. Because of this, it is likely that criminals taking advantage of poorly connected remote desktop accounts are distributing the DecService Ransomware. The DecService Ransomware is nearly identical to most encryption ransomware Trojans and is designed to take the victims' data hostage and then demand a ransom payment.

How the the DecService Ransomware Attack Works

The DecService Ransomware uses a strong encryption algorithm to take the victim's files hostage. The DecService Ransomware's attack targets a wide variety of the user-generated files, which may include numerous media files, databases, documents and configuration data. The DecService Ransomware searches for the file extensions below on the victim's computer when it carries out its attack:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

Once the DecService Ransomware has encrypted the victim's files, they will no longer be recoverable without the decryption key. The DecService Ransomware delivers a ransom note contained in a text file dropped on the infected computer's desktop. The DecService Ransomware ransom note reads as follows:

'!!! ALL FILES HAS BEN ENCRYPTED !!!
We are crypted all your important database and document Military Grade AES-512 Encryption Without key impossible to decryption
I stored the crypted data in your hard disk.
If you wnat to become your data back, send me an email.
bEST rEGARDS
e-mail : dec.service@protonmail.com

Computer users shouldn't contact the criminals or follow the instructions in the DecService Ransomware ransom note. Instead, computer users should take defensive steps to ensure that their data is safe from threats like the DecService Ransomware. Since the data encrypted by these Trojans is not recoverable without the decryption key, preventive measures are the key to ensure that the data is safe from threats like the DecService Ransomware.

Protecting Your Data from Threats Like the DecService Ransomware

The best protection from threats like the DecService Ransomware is to have the means to recover any data compromised by the attack. For this, malware researchers strongly recommend that computer users have a proven security program that is fully up-to-date and always have backup copies of their data. The backups should be stored on the cloud or removable memory device. Preferably, the backups should take the form of disk images or other full system backups since the DecService Ransomware attacks seem to prefer Web servers and other similar systems rather than individual's home PCs.