
Drweb Ransomware

By GoldSparrow in Ransomware

Cybersecurity experts have detected a new ransomware threat. It was given the name Drweb Ransomware, and upon deeper inspection, it was discovered that this file-locking Trojan is a variant of the infamous Dharma Ransomware (also called Crysis Ransomware). Instead of building a whole data-encrypting Trojan from scratch, many cybercriminals take an already well-established ransomware threat and rework it slightly.

Ironically enough, the name of this threat is derived from the attackers impersonating the name of an anti-virus engine popular in Russia.

Experts believe that the Drweb Ransomware may be propagated via mass spam email campaigns, infected pirated content and bogus software updates. Once the Drweb Ransomware gets onto a system, it performs a scan to identify and locate the files it was programmed to encrypt. After these files have been located, the Drweb Ransomware locks them with its encryption algorithm and changes their extensions. Like pretty much all other threats from the Dharma/Crysis Ransomware family, the Drweb Ransomware applies the same pattern when altering file extensions - .id-.[dr.web24@aol.com].drweb.

After this step of the attack is completed, the Drweb Ransomware drops its ransom note. The authors of Drweb Ransomware do not say how much cash they would like to receive. Instead, they provide the victim with an email address where they are to be contacted for further details: 'dr.web24@aol.com'.

We recommend that you decline this offer and stay away from cybercriminals. The attackers will promise to provide you with a decryption tool, but they will likely trick you and take your hard-earned cash while leaving you empty-handed with a computer full of unusable files. A better approach is to install a trustworthy anti-malware suite and have it wipe your computer clean. Then, if you wish, you can try to retrieve some of the files locked by Drweb Ransomware via a third-party data-recovery utility.
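To scope cleanup and restore work, a defender can inventory the files that carry the extension pattern described above and recover their original names. The Python script below is an added example, not code from the original article; it treats the victim-ID segment as opaque (an assumption, since the article prints the pattern without an ID value), and all sample file names in it are constructed.

```python
import os
import re
import tempfile
from collections import Counter

# Suffix from the article: .id-<victim id>.[dr.web24@aol.com].drweb
# Assumption: the ID segment is opaque (no dots/brackets) and may be empty,
# because the article prints the pattern without an ID value.
LOCKED_RE = re.compile(
    r"^(?P<orig>.+)\.id-(?P<vid>[^.\[\]]*)\.\[dr\.web24@aol\.com\]\.drweb$",
    re.IGNORECASE,
)

def parse_locked_name(filename):
    """Return (original_name, victim_id) for a renamed file, else None."""
    m = LOCKED_RE.match(filename)
    return (m.group("orig"), m.group("vid")) if m else None

def inventory(root):
    """Walk root and list renamed files as (path, original_name, victim_id)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parsed = parse_locked_name(name)
            if parsed:
                hits.append((os.path.join(dirpath, name), *parsed))
    return sorted(hits)

def summarize(hits):
    """Count affected files per original extension to scope restore work."""
    return Counter(os.path.splitext(o)[1].lower() or "(none)" for _p, o, _v in hits)

def demo():
    """Build a constructed sample tree (not real malware output) and scan it."""
    names = [
        "report.docx.id-A1B2C3D4.[dr.web24@aol.com].drweb",  # constructed ID
        "photo.JPG.id-A1B2C3D4.[dr.web24@aol.com].drweb",
        "notes.txt",                                         # untouched file
        "drweb-setup.exe",                                   # name contains "drweb", no match
        "backup.tar.gz.id-.[dr.web24@aol.com].drweb",        # pattern exactly as printed
    ]
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for i, n in enumerate(names):
            open(os.path.join(root, "docs" if i % 2 else "", n), "w").close()
        hits = inventory(root)
        return [(orig, vid) for _p, orig, vid in hits], summarize(hits)

if __name__ == "__main__":
    print(demo())
```

Calling inventory() on a user profile or file share gives the list of affected paths to compare against backups before any cleanup is run.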
