Delphimorix Red Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 4
First Seen: November 27, 2018
Last Seen: March 6, 2020
OS(es) Affected: Windows

The Delphimorix Red Ransomware is an encryption ransomware Trojan and a variant of the Delphimorix Ransomware, which was released shortly before it, in November 2018. Security researchers released a free decryption utility for the Delphimorix Red Ransomware's predecessor, the Delphimorix Ransomware, allowing its victims to restore access to the affected files. The release of the Delphimorix Red Ransomware variant seems to be a response from the criminals, who have updated their threat to bypass the decryption software that is currently available.

The Delphimorix Red Ransomware is a Variant of a Threat Released Recently

The main purpose of the Delphimorix Red Ransomware, like most encryption ransomware Trojans, is to make the victim's files inaccessible, taking them hostage to extract a ransom payment from the victim. The Delphimorix Red Ransomware's attack targets user-generated files, which may include a wide variety of file types, such as media files, documents and databases. The following are examples of the types of data that are commonly compromised in infections like the Delphimorix Red Ransomware:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The Delphimorix Red Ransomware adds the following string as a file extension to each affected file after encrypting the victim's files:

.demonslay335_you_cannot_decrypt_me!

The criminals have updated the design of the Delphimorix Red Ransomware's ransom note and its email contact. While the previous variant, the Delphimorix Ransomware, demanded an extraordinarily high ransom (101 BTC or nearly half a million US dollars), the Delphimorix Red Ransomware goes even further and demands a ransom of 999999.5 BTC, or more than four billion USD. Clearly, the criminals are merely poking fun and do not intend to receive a ransom payment from the victim. Fortunately, PC security researchers suspect that it is also possible to release a decryption program to help computer users recover from a Delphimorix Red Ransomware attack.

Protecting Your Data from Threats Like the Delphimorix Red Ransomware

If your data has been compromised by a Delphimorix Red Ransomware attack, the best protection is to have file backups. Computer users who have backup copies of their files, stored safely, can remove the Delphimorix Red Ransomware Trojan and restore their files from the backup copy. Computer users without copies of their files will have to wait until a decryption program is available, since it may not be possible to restore data that has been compromised by a threat like the Delphimorix Red Ransomware. Therefore, it is more imperative than ever to have backup copies of all your data, which remains the best protection against ransomware Trojans like the Delphimorix Red Ransomware.
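
A triage sketch for the two points above (the appended extension and restoring from backups), added here as an example and not code from the original page: it inventories files carrying the marker and checks whether a clean copy exists under a backup root. It assumes the original name is the file name with the marker stripped and that the backup mirrors the scanned tree's layout; `triage`, `build_demo` and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extension the page says is appended to each encrypted file.
MARKER = ".demonslay335_you_cannot_decrypt_me!"


def triage(scan_root, backup_root):
    """Return (restorable, no_clean_copy, counts_by_original_type)."""
    scan_root, backup_root = Path(scan_root), Path(backup_root)
    restorable, no_copy, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in files:
            # Case-insensitive match: Windows file systems ignore case.
            if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
                continue
            # Assumption: stripping the marker yields the original file name.
            original = Path(dirpath, name[: -len(MARKER)])
            rel = original.relative_to(scan_root)
            by_type[original.suffix.lower() or "(none)"] += 1
            backup = backup_root / rel
            # A usable backup must exist and must not be an empty placeholder.
            if backup.is_file() and backup.stat().st_size > 0:
                restorable.append((rel, backup))
            else:
                no_copy.append(rel)
    return sorted(restorable), sorted(no_copy), by_type


def build_demo(tmp):
    """Constructed sample tree: two marked files, one untouched, one backup."""
    user, backup = Path(tmp, "Users"), Path(tmp, "Backup")
    (user / "docs").mkdir(parents=True)
    (backup / "docs").mkdir(parents=True)
    (user / "docs" / ("report.docx" + MARKER)).write_bytes(b"\x00" * 16)
    (user / "docs" / ("photo.JPG" + MARKER.upper())).write_bytes(b"\x00" * 16)
    (user / "docs" / "notes.txt").write_text("untouched")
    (backup / "docs" / "report.docx").write_text("clean copy")
    return user, backup


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        ok, lost, counts = triage(*build_demo(tmp))
    print("restore from backup:", [r.as_posix() for r, _ in ok])
    print("no clean copy:", [r.as_posix() for r in lost])
    print("by original type:", dict(counts))
```

Run it against a read-only mount or image of the affected disk so the inventory does not alter evidence, and restore only after the Trojan has been removed.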
