
Defender Ransomware

By GoldSparrow in Ransomware

The Defender Ransomware is a file encryption Trojan that was reported on February 13th, 2018. Malware researchers reported that the Defender Ransomware is delivered to PC users via Zippyshare.com pages that claim to offer game cheats and cracked shareware. Understandably, most of the users infected with the Defender Ransomware launched the threat payload with administrative privileges, which installing game cheats and cracking the copy protection of shareware requires. The Defender Ransomware Trojan is dropped to the Temp directory under:

C:\Users\username\AppData\Temp\Cache\MpCmdRun.exe

Lab tests showed that the Defender Ransomware might use file names that suggest it is nothing more than an instance of Media Player Classic (h[tt]ps://mpc-hc[.]org/) as a way to avoid raising suspicion. The Defender Ransomware does not require significant processing power, and in most cases infected PC users notice nothing during the encryption process. The Defender Ransomware is programmed to encipher images, music files, downloaded videos, databases, office documents (DOCX, PPTX, XLSX), PDF files and eBook formats. The affected data receives the '.defender' extension, so 'To-Do List.docx' is renamed to 'To-Do List.docx.defender.' Additionally, the Trojan erases the Volume Shadow Copy snapshots that Windows keeps, which renders the system recovery feature useless. The ransom note is presented as a simple text file titled 'Defender_Ransomware.txt.' Compromised users can find 'Defender_Ransomware.txt' on the desktop and in the Documents library on Windows 10. The ransom message reads:

'YOUR FILES HAVE BEEN ENCRYPTED BY DEFENDER RANSOMWARE. THE WALL WILL NOT FALL. THIS RANSOMWARE IS NOT DECRYPTABLE. SORRY ABOUT THAT.'

There is no way to decipher the locked data, as the decryption key is sent to servers controlled by the threat creators. The attackers are believed to destroy data on infected devices purposely, as they offer no medium for contact and make no demands. Hence, the Defender Ransomware is placed in the category of wipeware (a wiper): a program designed to wipe data or to block access to data containers with no possibility of unlocking them in the future. You will need backups on unmapped drives and in cloud-based services like Dropbox and Google Drive if you want to make a full recovery. AV engines recognize the Defender Ransomware and tag related files as:

  • Artemis!5DCC449D51C8
  • Ransom_DEFENDER.A
  • TR/Ransom.dvwue
  • Trojan ( 00526c4c1 )
  • Trojan.GenericKD.40108788
  • Trojan.Win32.Z.Filecoder.20480
  • a variant of MSIL/Filecoder.LX
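As an added example (not part of the original write-up), the following Python triage helper checks a list of file paths against the host indicators described above: the '.defender' extension, the 'Defender_Ransomware.txt' note, and an MpCmdRun.exe sitting in a user's Temp\Cache folder rather than its legitimate Windows Defender location, plus an MD5 comparison against the hash reported in the File System Details. The sample paths are constructed; feeding it real paths (for example from os.walk) is left to the reader.

```python
import hashlib
from pathlib import PureWindowsPath

# Indicators taken from the write-up above (the MD5 from File System Details).
ENCRYPTED_EXT = ".defender"
RANSOM_NOTE = "defender_ransomware.txt"
DROPPER_NAME = "mpcmdrun.exe"
DROPPER_MD5 = "5dcc449d51c864eeb657c54679eb9d20"
# The genuine MpCmdRun.exe ships under Program Files; the Trojan drops its copy in
# a user's Temp\Cache folder. Assumption: any "...\Temp\Cache\" run in the path counts.
SUSPECT_RUN = ("temp", "cache")


def classify_path(path):
    """Return an indicator label for one path, or None when nothing matches."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    if name.endswith(ENCRYPTED_EXT):
        return "encrypted_file"
    if name == RANSOM_NOTE:
        return "ransom_note"
    if name == DROPPER_NAME:
        parts = tuple(part.lower() for part in p.parts[:-1])
        for i in range(len(parts) - len(SUSPECT_RUN) + 1):
            if parts[i:i + len(SUSPECT_RUN)] == SUSPECT_RUN:
                return "dropper_path"
    return None


def triage(paths):
    """Group paths by indicator so an analyst sees the scope of an infection at a glance."""
    hits = {"encrypted_file": [], "ransom_note": [], "dropper_path": []}
    for path in paths:
        label = classify_path(path)
        if label:
            hits[label].append(path)
    return hits


def is_known_sample(data):
    """Compare the MD5 of a binary's bytes with the hash reported in the write-up."""
    return hashlib.md5(data).hexdigest() == DROPPER_MD5


# Constructed sample paths, not taken from a real infection.
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\To-Do List.docx.defender",
    r"C:\Users\alice\Desktop\Defender_Ransomware.txt",
    r"C:\Users\alice\AppData\Temp\Cache\MpCmdRun.exe",
    r"C:\Program Files\Windows Defender\MpCmdRun.exe",
]
```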


File System Details

Defender Ransomware may create the following file(s):
#    File Name       MD5                                 Detections
1.   MpCmdRun.exe    5dcc449d51c864eeb657c54679eb9d20    0
