Dewar Ransomware

Dewar Ransomware Description

The Dewar Ransomware is a file-locking Trojan that belongs to the Phobos Ransomware family. Data-locking Trojans are particularly nasty because they infiltrate the target's computer, locate the user's files and encrypt them swiftly. Victims of ransomware threats are usually asked to pay a large sum as a ransom fee in exchange for a decryption tool.

Propagation and Encryption

Authors of ransomware threats use a variety of propagation methods to distribute these malicious creations. Malvertising campaigns, torrent trackers, spam emails, bogus application updates, and fraudulent copies of popular software tools are among the most commonly utilized techniques. In order to lock the targeted data, the Dewar Ransomware would apply a complex encryption algorithm. The Dewar Ransomware is likely to target documents, images, videos, spreadsheets, databases, archives, and many other filetypes. Ransomware threats are usually designed to target a wide array of filetypes in order to ensure maximum damage to the infected system. After a file undergoes the encryption process of the Dewar Ransomware, its name is altered, as this threat appends a '.id[].[kryzikrut@airmail.cc].dewar' extension to the locked file's name.

The Ransom Note

After the encryption process is completed, the Dewar Ransomware will drop a ransom note on the compromised computer. The files that contain the attackers' message are called 'info.txt' and 'info.hta'. The creators of the Dewar Ransomware offer to unlock five files free of charge to prove to the user that they have a working decryption tool. There are two email addresses provided as a means of getting in touch with the attackers: 'kokux@tutanota.com' and 'kryzikrut@airmail.cc'. For users who prefer Jabber, the creators of the Dewar Ransomware have given out their contact details: 'decrypt_here@xmpp.jp'. The attackers have even provided their Telegram details: '@hpdec'.

It is not a good idea to contact the authors of the Dewar Ransomware. There are zero guarantees that you will be provided with the decryption key you need in order to unlock your files. If you want to remove the Dewar Ransomware from your computer, it is best to trust a reputable antivirus software suite.
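The naming scheme and ransom note names described above can be used to check a disk or a backup before restoring from it. The following read-only triage script is an added example, not part of the original article or any vendor tool; the function names, the sample file names and the 'SAMPLE-ID' value are constructed for illustration, and the script assumes the id[] brackets may hold any value because the page does not show one.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

# Naming scheme from the article: <original>.id[<id>].[<contact e-mail>].dewar
# The page leaves id[] empty, so any bracket content (even none) is accepted.
DEWAR_RE = re.compile(
    r"^(?P<orig>.+)\.id\[(?P<vid>[^\]]*)\]\.\[(?P<contact>[^\]]+)\]\.dewar$",
    re.IGNORECASE)
NOTE_NAMES = {"info.txt", "info.hta"}  # ransom note names from the article

def triage(root):
    """Read-only walk of root; summarises Dewar naming indicators."""
    encrypted, notes, contacts = [], [], Counter()
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        m = DEWAR_RE.match(path.name)
        if m:
            encrypted.append((path, m["orig"], m["vid"]))
            contacts[m["contact"].lower()] += 1
        elif path.name.lower() in NOTE_NAMES:
            notes.append(path)
    # "info.txt" is a common file name, so note names alone are a weak signal.
    if encrypted:
        verdict = "encrypted files present"
    elif notes:
        verdict = "note names only, inspect manually"
    else:
        verdict = "no indicators"
    return {"verdict": verdict, "encrypted": encrypted,
            "notes": notes, "contacts": contacts}

def demo():
    """Build a constructed sample tree (hypothetical file names) and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp, "Documents")
        docs.mkdir()
        for name in ("report.docx.id[SAMPLE-ID].[kryzikrut@airmail.cc].dewar",
                     "budget.xlsx.id[].[kryzikrut@airmail.cc].dewar",
                     "notes.txt", "info.hta"):
            (docs / name).write_bytes(b"constructed sample")
        result = triage(tmp)
        return (result["verdict"], sorted(o for _, o, _ in result["encrypted"]),
                dict(result["contacts"]), [p.name for p in result["notes"]])

if __name__ == "__main__":
    print(demo())
```

The recovered original names give a list of what needs to be restored from backup, and the per-contact count shows whether more than one contact address appears in the affected file names.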

3 Comments

  • 于冬:

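    I tried it out. The virus was detected by the scan, but the encrypted files cannot be decrypted. Is there any way to do that? The encrypted files have the extension dewar.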

    • GoldSparrow:

      Most often, there is no way to decrypt the files. Though, if you have a backup you can restore the files. We can also try to assist via our HelpDesk, which comes as part of a service with SpyHunter. You can submit a support ticket and one of our techs can assist you.

  • tarik:

    Good day. You have written about removing the virus from the PC, thank you, but we are looking for a solution to this. Isn't there a program that would be a solution for the Word documents we cannot access?
