Dot Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 80 % (High) |
| Infected Computers: | 32 |
| First Seen: | March 1, 2017 |
| Last Seen: | February 24, 2023 |
| OS(es) Affected: | Windows |
The Dot Ransomware is a ransomware Trojan that has been associated with a Ransomware as a Service (RaaS) provider. The providers of this harmful service allow their customers to create custom made ransomware Trojans while providing a Command and Control server and various forms of support. Con artists may distribute the Dot Ransomware using spam email messages or other methods, and the RaaS providers keep a percentage of the money that is collected from the victims affected by the Dot Ransomware. RaaS has increased in the market and is largely responsible for the sharp increase in ransomware Trojan infections in the last year. The Dot Ransomware itself was first observed in February 2017 and has been connected to corrupted email attachments using known tactics to trick inexperienced computers.
Table of Contents
The Dot Ransomware Infection and Its Consequences
People that want to use the Dot Ransomware can register on the page of the RaaS, which can be found on the TOR Network. This website is surprisingly sophisticated, with a well-designed interface that could belong to any legitimate business. Using a threat builder, called Dot Builder, con artists can create their own versions of the Dot Ransomware to carry out their attacks. PC security researchers have obtained a copy of the builder used to create variants of the Dot Ransomware. It seems that it is very similar to other ransomware builders that have been released in the last year. The Dot Ransomware's builder is similar to the builder of Atom Ransomware especially, and it is possible that the team responsible for one could have been involved in the other (although there is not specific evidence to point to a direct connection between both threats). It is not uncommon for threat creators to recycle large portions of code from one ransomware Trojan to another, resulting in an environment where most ransomware Trojans are related in some way through their code.
After studying the Dot Ransomware, PC security researchers have determined that the following options are available to the con artists that use the builder to create their own version of the Dot Ransomware:
- Set Bitcoin Address
- Set Encryption Mode
- Set Attacked Extension
- Set Default Decryption Price
- Set Special Decryption Price For Country
- Print Current Ransomware Build Settings
- Download Ransomware Core
- Load Ransomware Core
- Build Ransomware
How the Dot Ransomware Builder Business Model Works
The developers of the Dot Ransomware builder keep a very large percentage of the profits from the Dot Ransomware attacks. While most ransomware Trojan builders allow their creators to keep 20-25 percent of the profits, the team behind the Dot Ransomware demands that they keep half of the profits. The degree of customization available in the Dot Ransomware builder means that it is very likely that new versions of the Dot Ransomware will be released constantly.
How the Dot Ransomware Attack Works
The Dot Ransomware uses an effective encryption engine. The Dot Ransomware uses a combination of the RSA and AES encryption to make the victim's files completely inaccessible. Once the Dot Ransomware has encrypted the victim's files, they become completely inaccessible, only recoverable with the decryption key (which the con artists hold in their possession until the victim pays the ransom). Because the Dot Ransomware's encryption routine is quite effective, the best protection against the Dot Ransomware, as well as against the majority of effective encryption ransomware Trojans, is to have a reliable backup method. PC security researchers advise computer users to have backup copies of their files on a removable memory device or the cloud, to allow a quick recovery in case of an attack with the Dot Ransomware or other ransomware Trojan with a similar attack. A reliable security program that is fully up-to-date also may intercept the Dot Ransomware before it is installed. Since the Dot Ransomware may be distributed using corrupted email messages, PC security analysts also advise computer users to handle email attachments with caution.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.