
DolphinTear Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 2
First Seen: June 7, 2017
Last Seen: October 17, 2019
OS(es) Affected: Windows

The DolphinTear Ransomware is a ransomware Trojan that carries out a typical encryption attack. Its main purpose is to encrypt its victims' files, making them unusable. The DolphinTear Ransomware then demands the payment of a ransom in exchange for the decryption key needed to restore the affected files. This is a common attack used by countless ransomware variants. Due to the increasing presence of threats like the DolphinTear Ransomware in the wild, computer users should take steps to protect their data from this and other encryption ransomware Trojans.

The Main Target of the DolphinTear Ransomware is German-Speaking PC Users

The DolphinTear Ransomware is based on HiddenTear, an open source ransomware platform that was released in 2015, supposedly for educational purposes. The release of HiddenTear resulted in countless variants of ransomware, which include the DolphinTear Ransomware. The release of this and other open source ransomware platforms placed a highly effective threat in the hands of anyone. Before these platforms emerged, creating a ransomware variant involved a substantial barrier, since only programmers and developers with considerable resources and knowledge would have been able to carry out a project like this. Unfortunately, the existence of these platforms means that any person can download one and create their own ransomware variant, and then distribute it to victims through corrupted email messages or other typical distribution methods.

Malware analysts suspect that the developers of the DolphinTear Ransomware are based in Germany because many materials associated with the DolphinTear Ransomware are written in German, including its ransom note and a message that reads 'files were encrypted with I-AM-A-DOLPHIN' in German. The DolphinTear Ransomware uses AES-256 encryption to make its victims' data unreadable. After encrypting its victims' data, the DolphinTear Ransomware delivers a ransom note in the form of a text file named 'LIES_MICH.txt' (which in English means 'READ_ME.txt'). When the victims open this file, they will find the message mentioned previously. Most ransomware Trojans demand the ransom payment through this ransom note. However, the DolphinTear Ransomware does not establish any payment amount or method, merely informing the victim that the encryption occurred. This indicates that the DolphinTear Ransomware is probably still unfinished or under development. New variants of the DolphinTear Ransomware with a more developed ransom demand and attack strategy may appear shortly, perhaps delivered with a different name or form of branding.

Nullifying the DolphinTear Ransomware and Preventing Similar Attacks

The DolphinTear Ransomware infects computers running the Windows operating system. It is optimized to infect 32-bit systems, but is also capable of infecting computers using 64-bit versions of this operating system. The files encrypted by the DolphinTear Ransomware attack can be identified easily because the DolphinTear Ransomware adds the file extension '.dolphin' to each encrypted file's name. Unfortunately, once the DolphinTear Ransomware encrypts the files, they cannot be recovered using current methods. Because of this, prevention is the best measure in responding to the DolphinTear Ransomware and other ransomware variants using a similar attack method.

The best protection against ransomware Trojans like the DolphinTear Ransomware is to have backup copies of all files. Having backups on an external memory device or the cloud will ensure that computer users can restore the affected files after they are encrypted by the DolphinTear Ransomware attack. In fact, if enough computer users have file backups, then attacks like the DolphinTear Ransomware will become completely obsolete, since the attackers will no longer be able to demand a ransom payment. After all, if computer users can restore their files from backups, the con artists lose the leverage over the victim that allows them to demand a ransom payment. Apart from file backups, it is also essential that computer users have a reliable security program that is fully up-to-date.
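The two indicators described above (the '.dolphin' extension and the 'LIES_MICH.txt' note) and the backup advice can be combined into a restore-planning check. The following is an added example, not code from this page or from any vendor tool; the function names, the sample tree, and the assumption that '.dolphin' is appended to the full original file name are illustrative.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".dolphin"   # extension named on this page
RANSOM_NOTE = "LIES_MICH.txt"   # ransom note file name named on this page


def triage(root, backup_root=None):
    """Walk root, list ransom notes and encrypted files, and split the
    encrypted files by whether backup_root holds the original."""
    root = Path(root)
    report = {"notes": [], "restorable": [], "no_backup": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(root)
            lower = name.lower()
            if lower == RANSOM_NOTE.lower():
                report["notes"].append(rel.as_posix())
            elif lower.endswith(ENCRYPTED_SUFFIX) and lower != ENCRYPTED_SUFFIX:
                # Assumption: the extension is appended to the original name,
                # so stripping it yields the path to look for in the backup.
                original = rel.with_name(name[: -len(ENCRYPTED_SUFFIX)])
                backed_up = (backup_root is not None
                             and (Path(backup_root) / original).is_file())
                key = "restorable" if backed_up else "no_backup"
                report[key].append(original.as_posix())
    for items in report.values():
        items.sort()
    return report


def build_sample(base):
    """Constructed sample tree: one affected folder and a partial backup."""
    live, backup = Path(base) / "live", Path(base) / "backup"
    (live / "docs").mkdir(parents=True)
    (backup / "docs").mkdir(parents=True)
    (live / "docs" / "report.docx.dolphin").write_bytes(b"\x00" * 16)
    (live / "docs" / "photo.jpg.dolphin").write_bytes(b"\x00" * 16)
    (live / "docs" / "notes.txt").write_text("untouched")
    (live / "docs" / RANSOM_NOTE).write_text("constructed placeholder")
    (backup / "docs" / "report.docx").write_text("clean copy")
    return live, backup


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = build_sample(tmp)
        for key, items in triage(live, backup).items():
            print(f"{key}: {items}")
```

Files listed under `no_backup` are the ones that, per the text above, cannot currently be recovered, which makes the list a direct measure of backup coverage.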
