Dragon Ransomware

By GoldSparrow in Ransomware

Recently, a new variant of the notorious Aurora Ransomware has emerged, called the Dragon Ransomware. Notably, this threat checks the IP address of its target and halts the attack if the user is located in China, Hong Kong, or Taiwan.

Propagation and Encryption

Cybersecurity experts have not yet determined which infection vectors are used to propagate the Dragon Ransomware. Some believe that its creators likely rely on the usual propagation methods for such threats, namely fake software updates, bogus pirated copies of reputable applications, and spam emails containing macro-laced attachments. Regardless of the propagation method, the Dragon Ransomware always starts its attack by scanning the system to locate the files it was programmed to target. Next, the encryption process is triggered. Once the Dragon Ransomware locks a file, it also changes its name by appending a ‘.locked’ extension to the filename. For example, a photo originally called ‘Missing-Onyx.jpeg’ will be renamed to ‘Missing-Onyx.jpeg.locked’.

The Ransom Note

When the encryption process is over, the Dragon Ransomware drops a ransom note. The note is named ‘#DECRYPT_MY_FILES#.txt’ and states:

’Dragon Ransomware
###########################

#What happened to your files?
All your files has been encrypted by a strong encryption with RSA-2048.
More information about the encryption keys using RSA-2048 can be found here: https://en.wikipedia.org/wiki/RSA_(cryptosystem)

#What does this mean?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them, it is the same thing as losing them forever, but with our help, you can restore them.

#How did this happen?
Especially for you, on our server was generated the secret key pair RSA-2048 – public and private. All your files were encrypted with the public key, which has been transferred to your computer via the Internet. Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.

#What do I do?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed. If you really value your data, then we suggest you do not waste valuable time searching for the solutions because they do not exist.
Trying to reinstall the system and decrypting the file with a third-party tool will result in file corruption which means no one can decrypt your file(including us)!
If you still try to decrypt the file yourself, you do so at your own risk!

#Test decryption!
As a proof, you can send 3 encrypted files and ID to test decrypt,and we will send you the decrypted files to prove that we can decrypt your files.
To decrypt all your files, you need to buy Dragon Decryptor.

#How to buy Dragon Decryptor?
1.buy 0.3 bitcoin at https://localbitcoins.com
2.contact us by email to get a payment address
3.send bitcoin to our payment address
4.after payment,we will send you Dragon Decryptor

Email:
dragon-support@pm.me
ID:’

The attackers claim to have used the RSA-2048 encryption algorithm. They demand a ransom fee of 0.3 Bitcoin (~$3,200 at the time of writing this post). The creators of the Dragon Ransomware offer to decrypt three files free of charge as proof that they possess a working decryption key. An email address is given as a contact detail: ‘dragon-support@pm.me’.

The good news is that the Dragon Ransomware is decryptable via the publicly available Aurora Decryptor. However, even if it were not, it is advisable never to pay cybercriminals, as they are likely to give you nothing in return. Make sure you download and install a reputable anti-malware tool, which will keep your system safe going forward.
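
To check whether a host or file share shows the file-system indicators described above (the ‘.locked’ suffix and the ‘#DECRYPT_MY_FILES#.txt’ note with its contact address), the following Python triage script walks a directory tree and reports them. It is an added example, not part of the original post; the function names, verdict labels and the constructed sample tree are assumptions made for the illustration.

```python
import os
import tempfile

# Indicators taken from the write-up above.
NOTE_NAME = "#DECRYPT_MY_FILES#.txt"
LOCKED_EXT = ".locked"
NOTE_MARKERS = ("Dragon Ransomware", "dragon-support@pm.me")


def triage(root):
    """Walk root and summarise Dragon Ransomware file-system indicators."""
    locked, notes, confirmed = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == NOTE_NAME:
                notes.append(path)
                # Read only the first 8 KiB; the note is a short text file.
                with open(path, "r", errors="replace") as fh:
                    text = fh.read(8192)
                if any(marker in text for marker in NOTE_MARKERS):
                    confirmed.append(path)
            elif name.lower().endswith(LOCKED_EXT):
                locked.append(path)
    # Assumption of this example: the suffix or a bare note name alone is
    # treated as weak evidence; a note carrying the quoted markers confirms.
    if confirmed:
        verdict = "dragon-likely"
    elif notes or locked:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "locked": sorted(locked),
            "notes": sorted(notes), "confirmed_notes": sorted(confirmed)}


def build_sample_tree(root):
    """Constructed sample data: one renamed file, one intact file, one note."""
    open(os.path.join(root, "Missing-Onyx.jpeg.locked"), "wb").close()
    open(os.path.join(root, "report.docx"), "wb").close()
    with open(os.path.join(root, NOTE_NAME), "w") as fh:
        fh.write("Dragon Ransomware\nEmail:\ndragon-support@pm.me\nID:\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(result["verdict"], len(result["locked"]), "locked file(s)")
```

The list under "locked" doubles as an inventory of files to back up before any decryption attempt.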
