
Douarix Ransomware

The Douarix Ransomware is a new, potent malware threat that has been detected by infosec researchers. Douarix is a variant of the VoidCrypt Ransomware family and, as such, doesn't possess any meaningful improvements or modifications, but it can still stop users from accessing their own files. If the threat manages to breach the targeted device, it will initiate an encryption process that locks nearly all files stored there.

Each encrypted file will have its name changed significantly. The Douarix Ransomware follows a complex naming pattern: it appends to the original file name an email address belonging to the hackers, a unique ID string assigned to the particular victim, and finally '.Douarix' as a new file extension. The email address used by Douarix is 'DouariX@tutanota.com'. The threat drops its ransom note on the breached system in the form of text files named 'Decrypt-me.txt'.

The note doesn't mention the exact sum of the ransom demanded by the hackers, but it does clarify that the money must be sent using the Bitcoin cryptocurrency. The first thing victims of the Douarix Ransomware are told to do, however, is to locate a file named prvkey*.txt.key (the asterisk may be substituted with a number). This file, apparently, is essential for the restoration of the encrypted files. Users are instructed to send it with their first email message while also avoiding tampering with its contents in any way. In addition, a single file that is less than 1MB in size can also be attached and will supposedly be decrypted for free.

The full text of the Douarix Ransomware's instructions is:

'All Your Files Has Been Encrypted

You Have to Pay to Get Your Files Back
1-Go to C:\ProgramData\ folder and send us prvkey*.txt.key file , * might be a number (like this : prvkey3.txt.key)
2-You can send some file little than 1mb for Decryption test to trust us But the test File should not contain valuable data
3-Payment should be with Bitcoin
4-Changing Windows without saving prvkey.txt.key file will cause permanete Data loss

Our Email:DouariX@tutanota.com
in Case of no Answer: DouariX@cock.li
.'
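As an added example (not part of the original write-up), the following Python triages a file listing collected from a suspect host into the three artifacts described above: renamed files, ransom notes, and the prvkey*.txt.key file under C:\ProgramData that should be copied off the host before any reimaging. The sample paths are constructed, including the bracket layout of the renamed file; the page does not give the exact delimiters, so the matcher checks only for the contact address and the extension.

```python
import fnmatch
import ntpath
from collections import defaultdict

# Indicators taken from the description and ransom note above (lower-cased).
EXTENSION = ".douarix"
CONTACT_EMAIL = "douarix@tutanota.com"
NOTE_NAME = "decrypt-me.txt"
KEY_PATTERN = "prvkey*.txt.key"   # '*' may be a number, or empty
KEY_DIR = "c:\\programdata"       # location named in the ransom note

# Constructed sample listing; names and bracket layout are illustrative only.
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.[DouariX@tutanota.com][CONSTRUCTED-ID].Douarix",
    r"C:\Users\alice\Documents\Decrypt-me.txt",
    r"C:\ProgramData\prvkey3.txt.key",
    r"C:\Users\alice\Pictures\holiday.jpg",
    r"C:\Users\alice\Downloads\prvkey3.txt.key",
]


def classify(path):
    """Return 'encrypted', 'ransom_note', 'key_file' or None for a Windows path."""
    directory, name = ntpath.split(path)
    lname = name.lower()
    if lname == NOTE_NAME:
        return "ransom_note"
    in_key_dir = directory.lower().rstrip("\\") == KEY_DIR
    if in_key_dir and fnmatch.fnmatchcase(lname, KEY_PATTERN):
        return "key_file"
    # Require both the extension and the contact address to limit false hits.
    if lname.endswith(EXTENSION) and CONTACT_EMAIL in lname:
        return "encrypted"
    return None


def triage(paths):
    """Group matching paths by artifact type; non-matching paths are dropped."""
    report = defaultdict(list)
    for path in paths:
        kind = classify(path)
        if kind is not None:
            report[kind].append(path)
    return dict(report)


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE).items():
        print(f"{kind}: {len(hits)}")
        for hit in hits:
            print(f"  {hit}")
```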
