Doydo Ransomware

Doydo Ransomware Description

The Doydo Ransomware is a new variant of the previously detected Babuk Ransomware threat. Despite lacking any significant improvements when compared to the Babuk Ransomware, Doydo's destructive potential should not be underestimated. Once the threat has infiltrated the victim's computer successfully, it initiates an encryption routine that locks a wide range of filetypes with an uncrackable cryptographic algorithm. Every single encrypted file will be marked by having '.doydo' appended to its original name. Then, a ransom note with instructions will be dropped on the system. More specifically, the malware creates a text file named 'Help Restore Your Files.txt' on the victim's desktop.

Ransom Note's Details

According to the ransom-demanding message, the hackers behind the Doydo Ransomware want to receive $300 from the affected users. The money must be sent to the provided crypto-wallet address and must be in Bitcoins. After making the payment, victims are expected to send proof to the email address mentioned in the note - '' They also can attach a single encrypted file that will supposedly be unlocked for free and sent back. 

The full text of the note is:

'All of your files have been encrypted!

The harddisks of your computer have been encrypted with an military grade encryption algorithm.

There is no way to restore your data without a special

software Doydo.

To purchase your key and restore your data, please follow these three easy:

The price for the software is $300 dollars USD. Payment can be made in Bitcoin only.

Bitcoin Address: 3JG36KY6abZTnHBdQCon1hheC3Wa2bdyqs

Once paid, send proof of payment:


You receive your key in 20 minutes:

To make sure we have the decryptor and it works,

you can send an email:

and decrypt a file for free.

But this file shouldn't be of any value!

Warning: do not turn off your pc!

If you abort this process, you could destroy all of your data!

Please ensure that your power cable is plugged in!'