Domino Ransomware

Domino Ransomware Description

The Domino Ransomware is a ransomware Trojan that is used to collect money from inexperienced computer users. The Domino Ransomware, recently discovered in the Summer of 2016, is based on the Hidden Tear, an open source ransomware project that was designed to help malware researchers originally but then backfired as it helped con artists to create ransomware more effectively than before. Although there are numerous Hidden Tear variants, the Domino Ransomware is particularly interesting because it pretends to be a KMSPico Windows activation crack that does install KMSpico on the victim's computer. Apart from doing this, however, the Domino Ransomware will also encrypt the victim's files. The Domino Ransomware is not the official KMSpico application, but simply an installer that has been modified by the people responsible for the Domino Ransomware attack.

How the Domino Ransomware Attack is Carried Out

When the modified KMSpico installer is executed on the targeted computer, it extracts a randomly named file into the %Temp% directory. This randomly named file is, in turn, executed and extracts another file, a password protected file in a ZIP format named The password to this file is abc123456. Inside, this ZIP archive contains two executable files. One of them is named Help.exe, and the other is named HelloWorld.exe. The first of these two files is the Domino Ransomware's encryptor, designed to encrypt the victim's files using a strong encryption algorithm. The second of these files displays the Domino Ransomware's ransom note, which alerts the victim of the attack in an unusual way, and then demands that the victim contacts the developers of the Domino Ransomware for further instructions.

It is Very Easy to Uncover this Domino

The Domino Ransomware's ransom note contains instructions for the computer user. It tells the victim how to pay the ransom and instructs the victim to contact the Domino Ransomware's developers at the email address The ransom note contains two curious elements: the phrase 'Winter is Coming,' immortalized by the popular TV show Game of Thrones, and an ASCII picture of a cow. The Domino Ransomware is nearly identical to other ransomware Trojans, except that it is distributed in a modified KMSpico installer and the curious pop-culture reference and picture of a cow contained in its ransom note.

The Domino Ransomware targets the following types of files on the victim's computer:

.3fr, .7z, .accdb, .ai, .apk, .arch00, .arw, .asp, .aspx, .asset, .avi, .bak, .bar, .bay, .bc6, .bc7, .big, .bik, .bkf, .bkp, .blob, .bsa, .c, .cas, .cdr, .cer, .cfm, .cfr, .class, .cpp, .cr2, .crt, .crw, .cs, .csr, .css, .csv, .d3dbsp, .das, .DayZProfile, .dazip, .db0, .dba, .dbf, .dbfv, .dcr, .der, .desc, .dmp, .dng, .doc, .docm, .docx, .dtd, .dwg, .dxg, .epk, .eps, .erf, .esm, .ff, .fla, .flv, .forge, .fos, .fpk, .fsh, .gdb, .gho, .h, .hkdb, .hkx, .hplg, .htm, .html, .hvpl, .ibank, .icxs, .indd, .itdb, .itl, .itm, .iwd, .iwi, .java, .jpe, .jpeg, .jpg, .js, .jsp, .kdb, .kdc, .kf, .layout, .lbf, .litemod, .lrf, .ltx, .lua, .lvl, .m, .m2, .m3u, .m4a, .map, .mcgame, .mcmeta, .mdb, .mdbackup, .mddata, .mdf, .mef, .menu, .mlx, .mov, .mp4, .mpqge, .mrwref, .ncf, .nrw, .ntl, .odb, .odc, .odm, .odp, .ods, .odt, .orf, .p12, .p7b, .p7c, .pak, .pdd, .pdf, .pef, .pem, .pfx, .php, .pkpass, .pl, .png, .ppt, .pptm, .pptx, .psd, .psk, .pst, .ptx, .py, .qdf, .qic, .r3d, .raf, .rar, .raw, .rb, .re4, .rgss3a, .rim, .rofl, .rss, .rtf, .rw2, .rwl, .sav, .sb, .sc2save, .sh, .sid, .sidd, .sidn, .sie, .sis, .slm, .sln, .snx, .sql, .sr2, .srf, .srw, .sum, .svg, .swift, .syncdb, .t12, .t13, .tax, .tor, .txt, .unity3d, .upk, .vb, .vcf, .vcxproj, .vdf, .vfs0, .vpk, .vpp_pc, .vtf, .w3x, .wallet, .wb2, .wma, .wmo, .wmv, .wotreplay, .wpd, .wps, .x3f, .xcodeproj, .xf, .xhtml, .xlk, .xls, .xlsb, .xlsm, .xlsx, .xxx, .zip, .ztmp.

Since the Domino Ransomware is based on the Hidden Tear, there is a brute force decryption key that can help victims of the Domino Ransomware recover their files without needing to pay the Domino Ransomware ransom to recover their files currently.

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

HTML is not allowed.