Threat Database Ransomware Dot Ransomware

Dot Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 18,904
Threat Level: 80 % (High)
Infected Computers: 30
First Seen: March 1, 2017
Last Seen: October 5, 2022
OS(es) Affected: Windows

The Dot Ransomware is a ransomware Trojan that has been associated with a Ransomware as a Service (RaaS) provider. The providers of this harmful service allow their customers to create custom made ransomware Trojans while providing a Command and Control server and various forms of support. Con artists may distribute the Dot Ransomware using spam email messages or other methods, and the RaaS providers keep a percentage of the money that is collected from the victims affected by the Dot Ransomware. RaaS has increased in the market and is largely responsible for the sharp increase in ransomware Trojan infections in the last year. The Dot Ransomware itself was first observed in February 2017 and has been connected to corrupted email attachments using known tactics to trick inexperienced computers.

The Dot Ransomware Infection and Its Consequences

People that want to use the Dot Ransomware can register on the page of the RaaS, which can be found on the TOR Network. This website is surprisingly sophisticated, with a well-designed interface that could belong to any legitimate business. Using a threat builder, called Dot Builder, con artists can create their own versions of the Dot Ransomware to carry out their attacks. PC security researchers have obtained a copy of the builder used to create variants of the Dot Ransomware. It seems that it is very similar to other ransomware builders that have been released in the last year. The Dot Ransomware's builder is similar to the builder of Atom Ransomware especially, and it is possible that the team responsible for one could have been involved in the other (although there is not specific evidence to point to a direct connection between both threats). It is not uncommon for threat creators to recycle large portions of code from one ransomware Trojan to another, resulting in an environment where most ransomware Trojans are related in some way through their code.

After studying the Dot Ransomware, PC security researchers have determined that the following options are available to the con artists that use the builder to create their own version of the Dot Ransomware:

  • Set Bitcoin Address
  • Set Encryption Mode
  • Set Attacked Extension
  • Set Default Decryption Price
  • Set Special Decryption Price For Country
  • Print Current Ransomware Build Settings
  • Download Ransomware Core
  • Load Ransomware Core
  • Build Ransomware

How the Dot Ransomware Builder Business Model Works

The developers of the Dot Ransomware builder keep a very large percentage of the profits from the Dot Ransomware attacks. While most ransomware Trojan builders allow their creators to keep 20-25 percent of the profits, the team behind the Dot Ransomware demands that they keep half of the profits. The degree of customization available in the Dot Ransomware builder means that it is very likely that new versions of the Dot Ransomware will be released constantly.

How the Dot Ransomware Attack Works

The Dot Ransomware uses an effective encryption engine. The Dot Ransomware uses a combination of the RSA and AES encryption to make the victim's files completely inaccessible. Once the Dot Ransomware has encrypted the victim's files, they become completely inaccessible, only recoverable with the decryption key (which the con artists hold in their possession until the victim pays the ransom). Because the Dot Ransomware's encryption routine is quite effective, the best protection against the Dot Ransomware, as well as against the majority of effective encryption ransomware Trojans, is to have a reliable backup method. PC security researchers advise computer users to have backup copies of their files on a removable memory device or the cloud, to allow a quick recovery in case of an attack with the Dot Ransomware or other ransomware Trojan with a similar attack. A reliable security program that is fully up-to-date also may intercept the Dot Ransomware before it is installed. Since the Dot Ransomware may be distributed using corrupted email messages, PC security analysts also advise computer users to handle email attachments with caution.

Related Posts


Most Viewed