Dex Ransomware Description
The Dex Ransomware is one of the latest ransomware variants spawned from the rather prolific Dharma Ransomware family. Compared to the rest of the threats belonging to the Dharma family, the Dex Ransomware doesn't display any significant modifications or improvements. It doesn't need them, though, as it possesses sufficient aptitude for destruction even at its current level.
If the Dex Ransomware manages to infiltrate the targeted computer successfully, it will proceed to lock it by leveraging a powerful cryptographic algorithm, which leaves nearly all of the files stored on the machine inaccessible and unusable. All of the widely used filetypes can be affected: pictures, audio, video, documents, databases, PDFs, etc. The name of each encrypted file will undergo a drastic change, as the threat appends a specific ID string assigned to the victim, followed by an email address belonging to the hackers, and finally '.dex' as a new extension. The email address used in the file names is 'email@example.com'.
The Dex Ransomware follows the typical Dharma Ransomware delivery method for its ransom notes. It first creates text files named 'FILES ENCRYPTED.txt' in all folders containing encrypted files and then generates a pop-up window.
The messages found in the text files and the pop-up window are different. The instructions found in the text files are extremely brief and contain no meaningful details. They simply tell affected users to contact the hackers by sending a message to either 'firstname.lastname@example.org' or 'dex.dex.tuta.io.' Victims reading the pop-up window will learn that they should initiate communication through the first email, while the second should be used only if 12 hours pass without receiving an answer from the criminals.
The text delivered in the 'FILES ENCRYPTED.txt' files is:
'all your data has been locked us
You want to return?
write email email@example.com or dex.dex.tuta.io'
The instructions displayed in the pop-up window are:
'YOUR FILES ARE ENCRYPTED
Don't worry,you can return all your files!
If you want to restore them, follow this link:email firstname.lastname@example.org YOUR ID -
If you have not been answered via the link within 12 hours, write to us by e-mail:dex.dex.tuta.io
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
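The renaming scheme and the 'FILES ENCRYPTED.txt' note described above are two indicators that can be checked on disk during triage. The following Python sketch is an added example, not code from the original page: it walks a directory tree and reports folders that contain either indicator. The exact separators and ID format in renamed files are not given in the description, so the pattern is an assumption that only requires an email-like token directly before the final '.dex'; the sample file names are constructed for the demo.

```python
import os
import re
import tempfile

NOTE_NAME = "FILES ENCRYPTED.txt"   # ransom note name given in the description
# Assumption: "<original name><ID string><email>.dex"; separators and the ID
# format are not stated, so only the email token and final extension are required.
RENAMED = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+\]?\.dex$", re.IGNORECASE)

def scan(root):
    """Return {folder: {"note": bool, "renamed": [names]}} for folders with hits."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        renamed = sorted(f for f in files if RENAMED.search(f))
        note = any(f.lower() == NOTE_NAME.lower() for f in files)
        if renamed or note:
            hits[os.path.relpath(folder, root)] = {"note": note, "renamed": renamed}
    return hits

def high_confidence(hits):
    """Folders where both indicators co-occur (note plus renamed files)."""
    return sorted(d for d, h in hits.items() if h["note"] and h["renamed"])

def build_sample_tree(root):
    """Constructed sample data: empty files only, names invented for the demo."""
    layout = {
        "docs": ["report.docx.id-1A2B3C4D.[email@example.com].dex", NOTE_NAME],
        "media": ["clip.mp4.id-1A2B3C4D.[email@example.com].dex"],
        "tools": ["classes.dex", "readme.txt"],   # Android bytecode, not a hit
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for n in names:
            open(os.path.join(root, sub, n), "w").close()

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        hits = scan(root)
        return hits, high_confidence(hits)

if __name__ == "__main__":
    hits, confirmed = demo()
    for folder, h in sorted(hits.items()):
        print(folder, h)
    print("both indicators:", confirmed)
```

Requiring the email token before '.dex' keeps legitimate '.dex' files, such as Android bytecode, out of the results.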
How Does DEX Ransomware Infect Computers?
Viruses like DEX have several ways to get on computers. The primary infiltration method is through the use of spam emails. These emails contain weaponized links or attachments. Here are the main distribution methods to watch for:
Cybercriminals write emails with forged header information to trick readers into thinking they come from a legitimate source, such as FedEx or DHS. The email says that the company failed to either deliver a package or send one on your behalf. The email could also be a fake shipment notification. The goal is to tempt readers into clicking a link or opening an attached file. This interaction is all it takes to infect your computer. The good news is that nothing happens if you don’t; viruses can only get on your computer if you let them.
DEX also infects computers by exploiting vulnerabilities in software and computer operating systems. Viruses like these exploit holes in browsers, Office files, and third-party applications. Keep your software and operating system updated to avoid these issues and keep your computer clean.
Should I Pay the Ransom?
Unfortunately, there is currently no way to decrypt files encrypted by DEX ransomware manually. Sometimes security researchers release decryption software, but they have so far been unable to crack the DEX code. It may be possible that they will succeed in the future, but for now, you should focus on removing the virus and restoring your files.
We recommend against paying the ransom demand for decryption. The criminals are under no obligation to decrypt your files even if they get your money. More often than not, ransomware victims fall victim to scams as well.
It may still be possible to get your data back without having to pay anyone. The first step is to remove the virus from your computer. Antimalware and antivirus programs are useful for this. Removing the malware won’t undo the damage, but it does prevent files from being encrypted again. Next, use an external or online backup to recover your files. One of the key reasons to keep a robust data backup is to have options for recovery in situations like this.