
Dom (Scarab) Ransomware

Ransomware threats are perhaps one of the worst malware types one may have to deal with. These nasty data-locking Trojans sneak into the computers of unsuspecting users, encrypt all their data, and then extort them for money. To make matters worse, this is certainly among the most popular malware types being distributed daily. One of the latest ransomware threats spotted is called the Dom Ransomware. The Dom Ransomware belongs to the popular Scarab Ransomware family.

Propagation and Encryption

Malware researchers have not yet uncovered the infection vectors used in the propagation of the Dom Ransomware. One of the most commonly used methods of distributing threats of this kind is spam emails. The fake email would contain a fraudulent message whose goal is to convince the user to launch the attached file by making it seem like an important document that is also completely harmless. It is not, and users who fall for this trick and open the attachment will have their machines compromised by the Trojan. Other popular methods for ransomware distribution include torrent trackers, bogus software updates, and fake pirated copies of popular applications.

The Dom Ransomware is likely to target a very wide range of files to cause greater damage. The Dom Ransomware will apply an encryption algorithm to lock all the targeted data. When the encryption process is completed, you will notice that the names of your files have been altered. The Dom Ransomware appends a ‘.dom’ extension to the end of the file names of the affected files. This means that a file initially named ‘new-apartment.jpeg’ will be renamed to ‘new-apartment.jpeg.dom’ when the encryption process is through.

The Ransom Note

The next step of the attack is the dropping of the ransom note. The Dom Ransomware drops its ransom note on the desktop of the victim. The note’s name is ‘How to decrypt files.txt’, and it is rather lengthy. In the note, the attackers inform the victims that their files have been encrypted and provide them with their uniquely generated victim ID. The authors of the Dom Ransomware do not mention what the ransom fee is, but they make it clear that it will be demanded in the form of Bitcoin. For users who do not know how to obtain Bitcoin, the attackers have provided detailed instructions. The creators of the Dom Ransomware offer to decrypt up to three files free of charge (provided that they are no larger than 1 MB and do not contain valuable information) as a way of proving to the victims that they are able to reverse the damage done to their data. Two email addresses are provided as a means of communicating with the attackers: ‘personaliddecryptor@aol.com’ and ‘personaliddecryptor@protonmail.com’.
It is best to avoid communicating with cyber crooks. Even if you decide to pay the fee demanded, you are likely to be left empty-handed like countless other victims of ransomware. This is why you should look into obtaining a reputable anti-malware tool that will help you remove the nasty Trojan from your computer.
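
The two file-system indicators described above, the appended ‘.dom’ extension and the ‘How to decrypt files.txt’ note, can be checked with a short triage script. This is an added example, not code from the original page: the function names and the sample directory are constructed, and requiring an inner extension before ‘.dom’ is an assumption made here to reduce false positives.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional

ENCRYPTED_SUFFIX = ".dom"               # extension named on this page
NOTE_NAME = "how to decrypt files.txt"  # ransom note name from this page


def classify(name: str) -> Optional[str]:
    """Return 'note', 'encrypted' or None for a single file name."""
    lower = name.lower()
    if lower == NOTE_NAME:
        return "note"
    if lower.endswith(ENCRYPTED_SUFFIX):
        original = Path(name[: -len(ENCRYPTED_SUFFIX)])
        # Assumption: require an inner extension (photo.jpeg.dom) so a lone
        # 'file.dom' belonging to unrelated software is not reported.
        if original.suffix and original.stem:
            return "encrypted"
    return None


def scan(root: str) -> dict:
    """Walk root and collect paths that match either indicator."""
    hits = {"note": [], "encrypted": []}
    # onerror swallows unreadable directories so the walk keeps going.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            kind = classify(name)
            if kind:
                hits[kind].append(os.path.join(dirpath, name))
    return hits


def demo() -> dict:
    """Build a constructed sample tree, scan it, return matched file names."""
    with tempfile.TemporaryDirectory() as tmp:
        desktop = Path(tmp, "Desktop")
        desktop.mkdir()
        for n in ("new-apartment.jpeg.dom", "report.docx.dom",
                  "schema.dom", "notes.txt", "How to decrypt files.txt"):
            (desktop / n).write_bytes(b"")
        found = scan(tmp)
        return {k: sorted(os.path.basename(p) for p in v)
                for k, v in found.items()}


if __name__ == "__main__":
    print(demo())
```

A match on the note together with many double-extension ‘.dom’ files in the same profile is a much stronger signal than either indicator alone.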
