
DevNightmare Ransomware

By GoldSparrow in Ransomware

The DevNightmare Ransomware is a variant of the HiddenTear ransomware project. The DevNightmare Ransomware was first detected in September of 2016. The DevNightmare Ransomware marks the files that it encrypts with the file extension '.2xx9' and carries out a typical ransomware attack, which involves encrypting the victim's files and then demanding the payment of a fee to provide the decryption key necessary to recover the affected files. Fortunately, since the DevNightmare Ransomware is based on the well-known HiddenTear ransomware project, it is highly likely that a decryption utility is available, which can help computer users recover from a DevNightmare Ransomware attack. Computer users can prevent attacks like the DevNightmare Ransomware by using a reliable security program that is fully up-to-date and always having good backups of all important files.

The Nightmare that may Affect Your Finances

The DevNightmare Ransomware attack is simple to understand: the DevNightmare Ransomware encrypts the victim's files using a strong encryption algorithm and then asks for ransom in exchange for the decryption key. Once the DevNightmare Ransomware has encrypted the files, they become inaccessible. Ransom notes may be delivered in numerous ways. The DevNightmare Ransomware simply drops text files named 'READ_ME.txt' in the directories where it has encrypted content. The DevNightmare Ransomware may be distributed through corrupted spam email attachments, as well as on peer-to-peer file sharing networks.

There are other ways in which the DevNightmare Ransomware can be delivered. PC security analysts have noted that hackers accessing the victim's computer directly could install the DevNightmare Ransomware. It also may be installed through exploit kits contained on attack websites to which computer users are redirected using corrupted scripts. Once the DevNightmare Ransomware enters a computer, it connects to its Command and Control server and downloads its encryption module and other data. The following are some of the files commonly targeted by the DevNightmare Ransomware during its attack:

.txt, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .jpg, .png, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, .psd, .dll, .lnk, .pdf.

After encrypting a file, the DevNightmare Ransomware appends the extension '.2xx9' to that file, dropping a ransom note as well. The ransom note used by the DevNightmare Ransomware is written in very poor English (indicating that the attackers are clearly not English speakers):

Congratulations!!!…
Your System is inficated with Dev-Nightmare 2xx9 Ransomware
Your All Files and database are encrypted.
If you want you files back contact me at the DevNightmare2xx9@gmail.com
Send me some money or bitcoins
And I hate fake peoples.
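
The indicators described above (the appended '.2xx9' extension, the 'READ_ME.txt' note and the note's wording) are enough to triage which directories were hit before restoring from backup. The following Python script is an added example, not part of the original article or of any vendor tool; the function names and the choice to match the note text case-insensitively are assumptions.

```python
import os

# Indicators taken from the article: appended extension, note name, note wording.
ENCRYPTED_EXT = ".2xx9"
NOTE_NAME = "READ_ME.txt"
NOTE_MARKERS = ("dev-nightmare", "devnightmare2xx9@gmail.com")
# File types the article lists as commonly targeted.
TARGETED = {".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt",
            ".jpg", ".png", ".csv", ".sql", ".mdb", ".sln", ".php", ".asp",
            ".aspx", ".html", ".xml", ".psd", ".dll", ".lnk", ".pdf"}


def is_ransom_note(path):
    """True only if the file is named READ_ME.txt AND contains note wording.

    READ_ME.txt is a common legitimate name, so the name alone is not a hit.
    """
    if os.path.basename(path).lower() != NOTE_NAME.lower():
        return False
    try:
        with open(path, "r", errors="replace") as fh:
            text = fh.read(4096).lower()
    except OSError:
        return False
    return any(marker in text for marker in NOTE_MARKERS)


def scan(root):
    """Walk root; return {directory: {"encrypted": [(name, targeted)], "note": bool}}."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted, note = [], False
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() == ENCRYPTED_EXT:
                # The extension is appended, e.g. report.docx.2xx9, so the
                # original type is the extension of the remaining stem.
                original_ext = os.path.splitext(stem)[1].lower()
                encrypted.append((name, original_ext in TARGETED))
            elif is_ransom_note(os.path.join(dirpath, name)):
                note = True
        if encrypted or note:
            hits[dirpath] = {"encrypted": sorted(encrypted), "note": note}
    return hits


if __name__ == "__main__":
    import sys
    for directory, info in sorted(scan(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(directory, "note" if info["note"] else "no-note", len(info["encrypted"]))
```

The script only reads file names and the first 4 KB of candidate notes, so it can be run against a mounted copy of the affected disk without modifying it.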

Dealing with a DevNightmare Ransomware Attack

Victims of these attacks may often be unable to do anything to recover, since the encryption methods are quite strong, but this is not the case with HiddenTear variants. A decryption utility for HiddenTear variants has been available for some time. Since the DevNightmare Ransomware is derived from HiddenTear, it is very likely that one of these decryption utilities could help computer users recover their files from a DevNightmare Ransomware attack. However, the most effective method for recovering from ransomware attacks remains the use of a backup file. Computer users should back up their files on an external memory device or the cloud regularly. If all of your files are backed up, then the people attempting to carry out attacks like the DevNightmare Ransomware have no leverage to threaten you, since you can simply recover by deleting the encrypted files and then copying over the copies from the backup. Find ways to limit exposure to threats like the DevNightmare Ransomware. An up-to-date security program can help prevent the DevNightmare Ransomware and other threats from finding their way into your computer or your email inbox.
