DIS Ransomware

The DIS Ransomware is a file-locking Trojan from the Dharma Ransomware family, which runs as a Ransomware-as-a-Service that 'hires out' to third-party attackers. The DIS Ransomware can lock Windows users' files, destroy their backups and deliver ransom notes that sell its data-unlocking service afterward. Users can back their work up onto other devices and use appropriate anti-malware tools for deleting the DIS Ransomware.

Returning to Ransomware-as-a-Service Basics

File-locking Trojans may innovate with experimental social engineering techniques, different platforms like semi-automated TOR websites, and alternate locking features such as bundling all files into an archive. However, most of these threats need no innovation or creativity and are part of a cookie cutter-stamped template with few variations. Such is true of the DIS Ransomware, which shows that Dharma Ransomware's family model for doing business still has at least the perception of profiting.

The DIS Ransomware isn't the first Trojan of its family to appear in 2021; comparable relatives include the 14x Ransomware and the aptly-named 2021 Ransomware, although the family goes back years with variants like the SySS Ransomware or the 'paydecryption@qq.com' Ransomware. The central feature in all cases, including the DIS Ransomware, is AES-based, RSA-secured encryption. This feature targets and 'locks' files such as movies, databases, documents, music, and other media. The Trojan also adds an extension and e-mail that changes with each variant, such as the DIS Ransomware's 'dis' extension, but removing the extension doesn't impact the data-locking encryption.

Malware researchers heavily discourage keeping all backups on locally-accessible, unprotected drives due to commonplace deletion and encryption attacks. In particular, the Restore Points are targets for deletion. Since there isn't a free solution to the DIS Ransomware's locking attack, users depend on remote, secure, and well-maintained backups for any reasonable recovery of their files.

Taking a Forward-Thinking Stance against Data Encryptors

The DIS Ransomware is very recognizable as a family member because it generates a classic set of Dharma Ransomware ransom notes in HTA and TXT formats. However, paying the ransoms might not provide the response that victims hope for, and threat actors negotiate in good faith rarely. A further issue is that every payment to campaigns like the DIS Ransomware's makes a case for more development and support for the Ransomware-as-a-Service industry.

For preventing infections and the associated data loss effectively, malware researchers endorse the below steps for all Windows users:

• Turning off browser features that may put users at risk, including Java, JavaScript and Flash
• Scanning e-mail attachments and other downloads that could be disguised threats (such as invoices with embedded exploits)
• Updating software such as WordPress and Microsoft Office for removing vulnerabilities
• Using strong passwords that prevent attackers from brute-forcing them
• Limiting the availability of RDP

Because different threat actors employ RaaS families, the infection models can be more creative and variable than most Trojans. However, Windows users with compatible anti-malware protection have the best chances of blocking installation exploits or deleting the DIS Ransomware before it's a problem.

The DIS Ransomware is a modest and predictable update to a family whose business needs no major reworking. Until victims stop paying and start backing up, threats like the DIS Ransomware will stay a problem in 2021.