DogeCrypt Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 1
First Seen: January 19, 2011
Last Seen: September 28, 2020
OS(es) Affected: Windows

The DogeCrypt Ransomware is considered a variant of the DesuCrypt Ransomware, but the hackers have made some significant modifications to the threat's behavior. While the DesuCrypt Ransomware imitates a typical ransomware threat, it does not, in fact, encrypt any files or leave a note with instructions for its victims. Instead, it simply damages the targeted files, rendering them unusable, and changes the background image to one with a short message that doesn't contain any email addresses or other methods to contact the criminals.

The DogeCrypt Ransomware, on the other hand, does include an encryption process and drops a proper ransom note on the infected computers. Every successfully encrypted file will have its name changed to include an email address under the hackers' control and '.DogeCrypt' as a new extension. For example, a file named 'Picture1.png' will be renamed to 'Picture1.png.[dogeremembersss@protonmail.ch].DogeCrypt'. DogeCrypt also creates a text file named 'note.txt' and changes the default background image to one containing a ransom note.

The text of the desktop image and the text file are nearly identical. The only difference is that the 'note.txt' file includes a line that attempts to assure the DogeCrypt Ransomware victims that their files have not been damaged or destroyed but merely modified. Two email addresses are provided so that the affected users can establish communication with the criminals: 'dogeremembersss@protonmail.ch' and 'omnisystems@airmail.cc'.

The note found in the text file left by the DogeCrypt Ransomware is:

'WARNING!
Your files were encrypted by DogeCrypt.

The files are not damaged or destroyed! They're only modified
If you want to reverse the modification conatact us:
dogeremembersss@protonmail.ch
or
omnisystems@airmail.cc'

The message on the desktop image is:

'YOUR FILES ARE ENCRYPTED!

If you want to recover them contact us:
dogeremembersss@protonmail.ch
or
omnisystems@airmail.cc.'
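
As an added example (not part of the original article and not a vendor tool), the following read-only Python sweep uses the rename pattern and the 'note.txt' text quoted above to list affected files, recover their original names and confirm the ransom note. The function names and the sample directory tree are constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# Rename pattern described on this page: <original>.[<contact email>].DogeCrypt
RENAMED = re.compile(r"^(?P<orig>.+)\.\[(?P<email>[^\[\]]+@[^\[\]]+)\]\.DogeCrypt$", re.I)
NOTE_MARKER = "Your files were encrypted by DogeCrypt"  # line from the quoted note.txt


def triage(root):
    """Walk root read-only and summarise DogeCrypt artefacts found under it."""
    report = {"encrypted": [], "notes": [], "emails": Counter(), "lost_types": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            m = RENAMED.match(name)
            if m:
                report["encrypted"].append((path, m["orig"]))  # (current path, original name)
                report["emails"][m["email"].lower()] += 1
                report["lost_types"][os.path.splitext(m["orig"])[1].lower() or "(none)"] += 1
            elif name.lower() == "note.txt":
                # note.txt is a common file name, so confirm by content before flagging.
                try:
                    with open(path, encoding="utf-8", errors="replace") as fh:
                        if NOTE_MARKER in fh.read(4096):
                            report["notes"].append(path)
                except OSError:
                    pass  # unreadable file: skip it rather than abort the sweep
    return report


def build_sample_tree(root):
    os.makedirs(os.path.join(root, "docs"))
    samples = {  # constructed sample files, not real victim data
        "Picture1.png.[dogeremembersss@protonmail.ch].DogeCrypt": "",
        "docs/report.final.docx.[dogeremembersss@protonmail.ch].DogeCrypt": "",
        "docs/fake.[not-an-email].DogeCrypt": "",  # no address: must not match
        "note.txt": "WARNING!\nYour files were encrypted by DogeCrypt.\n",
        "docs/note.txt": "shopping list\n",  # unrelated file with the same name
    }
    for rel, text in samples.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(text)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

The per-extension counts in `lost_types` give a quick inventory of which data types have to come back from backup.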

DogeCrypt appears to target English-speaking users. Victims are told that they must contact the criminals behind the infection through the given email addresses. The note lists only the email addresses and includes no information about the size of the ransom. With that said, users are encouraged never to contact the attackers under any circumstances. It is better to take steps to remove the virus from your computer.

Paying the ransom demand may not get you the results you want. There is no proof that the attackers will hand over the decryption key. It’s more likely that you will become the victim of a scam. Use antivirus software to remove DogeCrypt ransomware and then restore your files from an external backup.

It may be possible to restore data without a backup, but it will be challenging, as the virus is programmed to remove all Volume Shadow Copies from the computer. These are the snapshots the computer uses to restore data without a backup.

How Did DogeCrypt Get on My Computer?

  • Phishing Emails

    Phishing emails are among the most common infection methods for ransomware and viruses in general. Hackers send hundreds of messages to random email addresses. The emails are designed to look legitimate but have compromised links and attachments. Users interact with the email and infect their computer in the process.

  • Payload Files Delivery

    The code for the virus can be injected into other files. These files are downloaded from the internet by unsuspecting users. Macro-infected documents and spreadsheets are standard payload delivery methods. These documents are created to be compatible with Office and trick the users into activating macros (built-in scripts) to view the content of the file correctly. One such script installs the virus on the computer. Another alternative is to create infected program installers. These installers are executable files that install the virus code and can be disguised as freeware programs or software updates.

  • Internet Services and Websites

    The installation file for DogeCrypt can be uploaded to different download portals and online communities, including chat rooms, forums, and social media. Hackers can also post links using fake and stolen accounts to make them seem more legitimate and trick users.

How to Protect Against Ransomware Attacks

The most important thing you could do to protect your computer against DogeCrypt and other viruses is to install an antivirus program on your computer. Far too many people take the approach that they are careful online and would never get a virus, so they don’t need an antivirus. Cyber criminals will always find a way to exploit something on your computer to infect it. It isn’t worth the risk of not having an antivirus program.

Another thing to do would be to avoid opening and interacting with emails from people you don’t know. If you suspect that an email isn’t from who it claims to be from, just delete it and move on. Once again, the risk isn’t worth it. Never download attachments or follow links in spam emails. Don’t even waste your time with spam.

Avoid using torrenting websites and other peer-to-peer networks, especially to download and access paid software. Not only is this illegal anyway, but you are opening the door for hackers to infect your computer. Hackers hide their malicious programs inside software cracking tools. They also upload viruses under the names of popular software that people pirate. If you want the software that badly, then the least you could do is pay for it to support the official developers.
