DriedSister Ransomware

By GoldSparrow in Ransomware

The DriedSister Ransomware is an encryption ransomware Trojan that is being used to attack computer users located in Japan. The DriedSister Ransomware was first observed on February 15, 2018. It is distributed through spam email messages, which tend to come from Yahoo email accounts and contain attached Microsoft Office files. These files use embedded macro scripts to download and install the DriedSister Ransomware onto the victim's computer. Once the DriedSister Ransomware has been installed, it makes the victim's files inaccessible and then demands a ransom payment from the victim.
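The delivery chain described above (a Yahoo sender, a Microsoft Office attachment, embedded macros) can be checked at the mail gateway or during triage of a reported message. The following Python code is an added example, not code from the original article; the function names, the sender-domain test and the constructed sample message are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container

def has_vba_project(data: bytes) -> bool:
    """True if an OOXML (zip-based) Office file carries a vbaProject.bin part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False  # not a zip container, so not an OOXML document

def triage(raw: bytes) -> list:
    """Return (filename, reason) for each attachment that fits the described lure."""
    msg = message_from_bytes(raw, policy=policy.default)
    domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    from_yahoo = "yahoo" in domain.split(".")  # assumption: yahoo.com, yahoo.co.jp, ...
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if has_vba_project(data):
            reason = "OOXML file with VBA macro project"
        elif data.startswith(OLE_MAGIC):
            reason = "legacy OLE Office file (may contain macros)"
        else:
            continue
        hits.append((name, reason + (", Yahoo sender" if from_yahoo else "")))
    return hits

def sample_message() -> bytes:
    """Constructed sample: Yahoo sender, harmless .docm stub, plain-text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/vbaProject.bin", b"placeholder bytes, not real VBA")
    m = EmailMessage()
    m["From"] = "Sender <sender@yahoo.co.jp>"
    m["To"] = "user@example.jp"
    m.set_content("see attachment")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="octet-stream", filename="invoice.docm")
    m.add_attachment("meeting notes", filename="notes.txt")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(sample_message()))
```

The check inspects attachment content rather than the file name, so a macro-bearing document renamed to `.docx` is still flagged.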

Symptoms of the DriedSister Ransomware’s Presence on a Computer

The DriedSister Ransomware uses AES-256 encryption to make the victim's files inaccessible. It targets numerous file types, including images, audio, video, databases, and many other document types. The DriedSister Ransomware marks the files it encrypts by adding the file extension '.下物妹!,' which translates into 'under the little sister,' to the end of each affected file's name. The following are some of the file types that are targeted in attacks like the DriedSister Ransomware:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .zip.

The DriedSister Ransomware Ransom Note and Payment

The DriedSister Ransomware displays its ransom note in the form of a program window with the title '干物妹!身代金ウイルス,' which translates into 'Dried Sister! Ransomware Virus.' The DriedSister Ransomware ransom note contains the following text in Japanese:

'こんにちは!私はあなたが矹た身代 金のウイルスです。
文香は私によって萌化されてし巧。'

An approximate translation of the DriedSister Ransomware ransom note into English reads:

'Hello! I am a ransomed virus of yours.
Fumicita was grown and developed by me.'

The DriedSister Ransomware ransom note contains an image from a popular Japanese television show. This is not an uncommon occurrence with threats, which are often branded after pop-culture images and icons.

Protecting Your Data from Threats Like the DriedSister Ransomware

The best protection against the DriedSister Ransomware and similar threats is to have a reliable security program that is fully up-to-date and a backup of your files. A strong security program will be capable of removing the DriedSister Ransomware infection itself, but will not help victims restore their files after an attack. The best way to protect files from being lost irrevocably is to have file backups. This combination of security software and file backups is typically the best way to ensure that your data is guarded against threats like the DriedSister Ransomware. Since the DriedSister Ransomware is mainly distributed using corrupted spam email attachments, learning to handle this online content safely is one of the most important steps that computer users can take to prevent DriedSister Ransomware infections.
