DRCRM Ransomware
The DRCRM malware threat has been classified as ransomware. These threatening programs are used by cybercriminals to lock the data of their victims. If executed successfully on the breached device, DRCRM will impact documents, PDFs, databases, images, photos and many other file types stored there. All of the targeted file types will be encrypted and rendered unusable. The attackers will then attempt to extort the affected users or organizations for money.
As part of its invasive actions, the malware will modify the names of the locked files. First, the threat will create an ID string for the specific device that will be appended to all encrypted files. Then, an email address controlled by the hackers ('joaplcsg@gmail.com') will be added. Finally, '.DRCRM' will be placed as a new extension. When DRCRM completes the encryption of the victim's data, it will drop a text file named 'Read.txt' on the desktop of the device.
Inside the file, victims will find a ransom note with instructions. The attackers state that victims who wish to restore their files must first contact them by messaging the 'joaplcsg@gmail.com' email address. As part of their message, victims must include a specific file that the threat has created in the 'C:/ProgramData' location or on other drives. The name of the file should be similar to RSAKEY, and without this file, even the threat actors will be unable to restore the locked files.
The full text of DRCRM Ransomware's note is:
'All your files have been encrypted. If you want to restore them, write us to the e-mail:joaplcsg@gmail.com
inCase of no answer :joaplcsg@gmail.comWrite this ID in the title of your message ID-
send RSAKEY file stored in C:/ProgramData or other drives in email
Do not rename encrypted files.
Do not try to decrypt your data using third-party software and sites. It may cause permanent data loss.
The decryption of your files with the help of third parties may cause increased prices (they add their fee to our), or you can become a victim of a scam.'
