
Dr Ransomware

By GoldSparrow in Ransomware

Over the past few years, malware experts have uncovered hundreds of variants of the Dharma Ransomware distributed by different threat actors. Among the newest additions to the Dharma Ransomware family is the Dr Ransomware.

Propagation and Encryption

Threats like the Dr Ransomware are often propagated via several infection vectors. The most common ones include:

  • Phishing emails – These emails contain either a fraudulent attachment or a corrupted link.
  • Malvertising – Misleading advertisements that are designed to propagate malware.
  • Torrent trackers – Pirated media and software tools hide a lot of dangers, so users are advised against downloading them.
  • Fake social media profiles and pages – With the boom of social media in the past decade, cyber crooks have found ways to exploit it and distribute malware.

The Dr Ransomware encrypts .doc, .docx, .pdf, .txt, .gif, .png, .jpeg, .jpg, .ai, .svg, .ps, .tif, .ico, .rar, .zip, .mp3, .mpa, .mp4, .mov, .mpg, .wmv, .xls, .xlsx, .ppt, .pptx, .pps, .wav, .wma and many other filetypes. If the Dr Ransomware breaches your system, most of your files will be encrypted and you will not be able to use them. When the Dr Ransomware encrypts a file, it changes its filename by adding a '.id-<VICTIM ID>.[dr.decrypt@aol.com].dr' extension to it. This means that a file that you had named 'black-mulberry.gif' will be renamed to 'black-mulberry.gif.id-<VICTIM ID>.[dr.decrypt@aol.com].dr'. Each victim is assigned a different ID so that the attackers can easily differentiate between users.

The Ransom Note

Next, the Dr Ransomware drops its ransom note on the user's system. The name of the file that contains the message of the perpetrators is 'FILES ENCRYPTED.txt'. The ransom message is very brief. The attackers do not mention the ransom fee but, rest assured, you will be asked to pay a hefty sum. The authors of the Dr Ransomware ask to be contacted via email at 'dr.decrypt@aol.com'. They also provide another email address, 'dr.decrypt01@aol.com', in case the user does not get a reply within 12 hours.
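The appended extension and the ransom note name described above are enough to scope an infection from filenames alone. The following triage scanner is an added example, not part of the original article; it assumes the victim ID is an opaque token containing no dots (the article does not give its format), and the function names and sample files are constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# Indicators taken from the article: the appended extension and the note name.
# Assumption: the victim ID is an opaque token without dots (format not given).
DR_SUFFIX = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[^.]+)\.\[dr\.decrypt@aol\.com\]\.dr$",
    re.IGNORECASE,
)
NOTE_NAME = "files encrypted.txt"  # compared case-insensitively


def parse_dr_name(filename):
    """Return (original_name, victim_id) if the name carries the Dr suffix, else None."""
    m = DR_SUFFIX.match(filename)
    return (m.group("original"), m.group("victim_id")) if m else None


def scan(root):
    """Walk root and collect renamed files, ransom notes and victim IDs."""
    report = {"renamed": [], "notes": [], "victim_ids": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            parsed = parse_dr_name(name)
            if parsed:
                # Keep the pre-encryption name so it can be matched against backups.
                report["renamed"].append((path, parsed[0]))
                report["victim_ids"][parsed[1]] += 1
            elif name.lower() == NOTE_NAME:
                report["notes"].append(path)
    return report


def demo():
    """Build a constructed directory tree (sample data, not real) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel in ("docs/black-mulberry.gif.id-CONSTRUCTED1.[dr.decrypt@aol.com].dr",
                    "docs/report.v2.docx.id-CONSTRUCTED1.[dr.decrypt@aol.com].dr",
                    "docs/untouched.pdf", "docs/notes.dr", "FILES ENCRYPTED.txt"):
            open(os.path.join(root, *rel.split("/")), "w").close()
        r = scan(root)
        return sorted(o for _p, o in r["renamed"]), len(r["notes"]), dict(r["victim_ids"])


if __name__ == "__main__":
    print(demo())
```

More than one victim ID in the results of a single scan suggests the scanned share was reached from several infected hosts or in separate runs, which is worth checking before restoring from backup.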

If you fall victim to the Dr Ransomware, it is advisable to avoid contacting its handlers. Creators of ransomware threats rarely keep their promises or provide users with the decryptors they need, even if they get paid. Consider removing the Dr Ransomware from your system with a reliable, modern PC security tool.
