
DORRA Ransomware

Ransomware poses significant risks to individuals and organizations by encrypting critical files and data and demanding payment for their release. Such attacks may lead to substantial financial losses, operational disruptions, and the potential for permanent data loss if the ransom is not paid.

Examining malware threats, cybersecurity researchers discovered a ransomware known as DORRA. This ransomware is designed to prevent victims from accessing their files by encrypting them. Additionally, DORRA renames files and provides a ransom note ('+README-WARNING+.txt'). It appends the victim's ID, an email address, and the '.DORRA' extension to filenames, for instance, changing '1.pdf' to '1.pdf.[2AF30FA3].[].DORRA' and '2.jpg' to '2.jpg.[2AF30FA3].[].DORRA'. DORRA is part of the Makop family of ransomware, indicating its methods and codebase share similarities with other known threats from this group.
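The renaming scheme and note name above are enough to scope an incident from a file listing. The following triage sketch is an added example, not code from the researchers or the original page: it walks a directory tree, groups renamed files by victim ID, recovers the original names, and lists folders holding the ransom note. The function names, the permissive ID pattern, and the sample tree are assumptions made for illustration.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Layout described in the article: <original>.[<victim ID>].[<email>].DORRA
# The email is blank on the page, so the second bracket may be empty.
# Assumption: the ID is any run of non-bracket characters (page shows "2AF30FA3").
RENAMED = re.compile(
    r"^(?P<orig>.+)\.\[(?P<vid>[^\[\]]+)\]\.\[(?P<contact>[^\[\]]*)\]\.DORRA$",
    re.IGNORECASE,
)
NOTE_NAME = "+README-WARNING+.txt"  # ransom note name given in the article

def parse_name(filename):
    """Return original name, victim ID and contact for a renamed file, else None."""
    m = RENAMED.match(filename)
    return m.groupdict() if m else None

def triage(root):
    """Summarise renamed files per victim ID and the folders holding a ransom note."""
    by_id, note_dirs = defaultdict(list), []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        rel_dir = path.parent.relative_to(root)
        if path.name.lower() == NOTE_NAME.lower():
            note_dirs.append(rel_dir.as_posix())
            continue
        hit = parse_name(path.name)
        if hit:  # record the pre-encryption path for backup/restore planning
            by_id[hit["vid"]].append((rel_dir / hit["orig"]).as_posix())
    return {"by_id": dict(by_id), "note_dirs": note_dirs}

def demo():
    """Run triage over a constructed tree (empty sample files, names only)."""
    names = ["docs/1.pdf.[2AF30FA3].[].DORRA", "docs/+README-WARNING+.txt",
             "pics/2.jpg.[2AF30FA3].[].DORRA", "pics/untouched.png",
             "pics/report.DORRA.txt"]  # last two must not be flagged
    with tempfile.TemporaryDirectory() as tmp:
        for name in names:
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.touch()
        return triage(tmp)

if __name__ == "__main__":
    print(demo())
```

More than one victim ID in the output, or note folders with no renamed files beside them, are both worth a closer look during scoping.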

The DORRA Ransomware Operates by Locking Victims from Accessing Their Own Data

DORRA's ransom note informs the victim that their files have been encrypted and harvested. It cautions against trying to decrypt the files independently, as this may corrupt the files and lead to their permanent loss. The ransom note instructs the victim to contact the attackers via the email address, threatening that failure to do so will result in their data being published online.

The ransom note further directs the victim to send their ID, which is embedded in the filenames, to receive instructions on decrypting their files.

Paying the ransom is strongly discouraged: PC users usually do not receive the promised decryption keys or tools even after meeting the demands, and end up being tricked by the cybercriminals. It is crucial to promptly remove the ransomware from compromised systems to prevent further encryption and the infection of other computers on the same network.

Essential Security Measures against Ransomware and Malware

In today's interconnected world, protecting devices and data from malware and ransomware threats is crucial for both individuals and organizations. Cybercriminals are constantly developing sophisticated techniques to infiltrate systems, steal sensitive information, and demand ransom, causing significant financial and reputational damage. To safeguard against these threats, users must adopt strong security measures that address various aspects of cybersecurity.

First and foremost, regular software updates are essential. Software vendors frequently release updates that patch vulnerabilities and enhance security features. By ensuring that operating systems, applications, and anti-malware software are up-to-date, users can protect their devices from known exploits and reduce the risk of attacks.

The use of strong and unique passwords is another critical measure. Weak or reused passwords can easily be cracked by cybercriminals, granting them access to multiple accounts and sensitive information. Using a password manager can help users generate and store complex passwords, ensuring that each account has a unique and secure password.

Enabling multi-factor authentication (MFA) adds an extra layer of security. MFA requires users to pass additional verification checks to obtain access to their accounts, such as a one-time code or password sent to their mobile device. This makes it significantly harder for attackers to compromise accounts, even if they have obtained the password.

Maintaining up-to-date anti-malware software is also vital. Anti-malware programs can detect and remove malware before it causes harm. Users should make sure that their security software is configured to update automatically and perform regular scans to identify and eliminate potential threats.

Additionally, regular data backups are crucial in the fight against ransomware. By keeping recent copies of important files on external drives or cloud storage services, users can restore their data without paying a ransom if their files are encrypted by ransomware. It is important to ensure that the backups are not connected to the main network, to prevent them from being targeted by malware as well.

Cautious behavior when handling email attachments and downloads can significantly reduce the risk of infection. Cybercriminals often employ phishing emails and unsafe attachments to distribute malware. Users should be wary of unsolicited emails, avoid following suspicious links, and only download files from trusted sources.

Implementing these proactive strategies allows users to defend their crypto assets against the relentless onslaught of cyber threats. By staying vigilant and informed, individuals and organizations can create a robust defense system, safeguarding their data and maintaining the integrity of their digital environments.

Victims of the DORRA Ransomware are left with the following ransom note:

'Your files are encrypted and an important part of your data is stolen!!!
If you try to decrypt the files yourself, they may be corrupted and this may lead to the loss of your files!

You need to contact us at this email address:
If we do not receive a response from you, your data will end up on the Internet.

Send me ID, which is indicated in the name of your files,
and you will receive instructions on how to decrypt all files.
Do not ignore this message, contact us as soon as possible to quickly get your files back.'

