Dotmap Ransomware

Malware experts came across a new piece of ransomware and named it Dotmap Ransomware recently. When they studied this file-locking Trojan, it became clear that this is yet another ransomware threat from the notorious STOP Ransomware (also called Djvu Ransomware) family. Often, instead of building a whole new data-encrypting Trojan from the ground up, cybercriminals opt to incorporate an already existing threat and only alter it slightly.

It is not yet disclosed for sure what the spreading method of the Dotmap Ransomware is but it is likely that the methods employed may include spam emails, which contain a corrupted attachment, faux updates and infected pirated software. When the Dotmap Ransomware infects a computer, the first thing it would do is scan the machine. After the scan is done, the Dotmap Ransomware will have located all the file that the attackers programmed it to target. Next, the Dotmap Ransomware will trigger the encryption process. After this step of the attack is completed, you may notice that the names of your files have been changed. This is because the Dotmap Ransomware adds an extension to the files it locks, '.dotmap,' meaning that a photo previously named 'dusk.jpg' would be called 'dusk.jpg.dotmap' after the encryption process is through. Next, the Dotmap Ransomware would drop a ransom note called '_readme.txt.' In the note, the attackers do not give any details regarding the ransom, like what the sum demanded is or whether they require it in normal or cryptocurrency. They, however, provide the victim with an email address – bufalo@firemail.cc. This is how the user is meant to get in touch with the perpetrators of the attack.

It is not safe to contact cyber crooks, and we would certainly advise you against emailing the creators of the Dotmap Ransomware as they will trick you most likely. A better option is to make sure that you have downloaded a trustworthy anti-spyware tool and use it to wipe your system clean.