DUMP LOCKER Ransomware
Infosec researchers have come across a new type of ransomware called 'DUMP LOCKER.' This particular malware falls under the category of ransomware, which means it operates by encrypting data on victims' systems and then demands a ransom in exchange for the decryption key.
DUMP LOCKER was observed to use a deceptive tactic during its encryption process. While encrypting the data, the ransomware displayed a fake Windows update screen, tricking users into believing that the update was legitimate. In reality, the malware was busy encrypting the files in the background, making them inaccessible to the user.
A distinctive feature of the DUMP LOCKER Ransomware is the way it alters the filenames of the affected files. The malware appends the extension '.fucked' to the end of each filename. As an example, a file that was originally named '1.jpg' would appear as '1.jpg.fucked' after being encrypted, and so on.
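The appended extension is the one host-level indicator the write-up gives, so a responder's first triage question is usually "which files were hit?". The following added example (not from the original article or any vendor tool) walks a directory tree, lists every file carrying the reported suffix, recovers the original filename by stripping it, and reports how much of the tree is affected; it builds a constructed sample tree in a temporary directory so it runs offline, and it does not decrypt anything.

```python
"""Triage helper for the DUMP LOCKER file-extension indicator (added example)."""
import os
import tempfile
from pathlib import Path

# Suffix the write-up reports DUMP LOCKER appending to every encrypted file.
DUMP_LOCKER_SUFFIX = ".fucked"


def find_encrypted_files(root, suffix=DUMP_LOCKER_SUFFIX):
    """Return a sorted list of (encrypted_path, original_name) under `root`.

    A file counts only if the suffix is appended to a real name, so a bare
    '.fucked' entry is ignored. Stripping the suffix recovers the original
    name for inventory purposes; the content stays encrypted.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name.endswith(suffix) and len(name) > len(suffix):
                encrypted_path = os.path.join(dirpath, name)
                original_name = name[: -len(suffix)]
                hits.append((encrypted_path, original_name))
    return sorted(hits)


def summarize(root, suffix=DUMP_LOCKER_SUFFIX):
    """Count all files versus files carrying the suffix and give the ratio."""
    total = sum(len(names) for _, _, names in os.walk(root))
    encrypted = len(find_encrypted_files(root, suffix))
    ratio = encrypted / total if total else 0.0
    return {"total": total, "encrypted": encrypted, "ratio": ratio}


def build_sample_tree():
    """Constructed sample tree (not real victim data) mimicking a hit system."""
    root = tempfile.mkdtemp(prefix="dumplocker_triage_")
    sample = ["1.jpg.fucked", "2.png.fucked", "notes.txt",
              "docs/report.docx.fucked", "docs/readme.md"]
    for rel in sample:
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample content")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for enc, orig in find_encrypted_files(sample_root):
        print(f"{enc}  (was: {orig})")
    print(summarize(sample_root))
```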
Once the encryption process is completed, DUMP LOCKER displays a ransom note message through a pop-up window on the victim's system. This message informs victims of the threat that their files have been encrypted and provides instructions on how to pay the ransom to obtain the decryption tool and regain access to their data.
The DUMP LOCKER Ransomware Leaves Victims Unable to Access Their Data
Upon encountering the DUMP LOCKER Ransomware, victims are faced with a pop-up notification informing them that their files have been encrypted. To further intensify the situation, the message explicitly warns against restarting the infected device, emphasizing that doing so could lead to permanent data loss.
To proceed with the decryption process, victims are provided with a set of instructions to follow. They are directed to create a crypto-wallet and make a payment of $500 worth of Ethereum cryptocurrency. However, it's worth noting that the name of the cryptocurrency is misspelled twice within the ransom message.
The payment is to be transferred to a specified wallet address. Interestingly, though, the ransom note makes a mistake by identifying the cryptocurrency as 'Bitcoin' at one point before later correcting itself back to 'Ethereum.' The promise given is that upon successful payment of the ransom, victims will get the decryption tool to regain access to their locked files.
Generally, ransomware infections make decryption without the attackers' involvement near impossible. Only in rare cases where ransomware programs have significant flaws can decryption be achieved without the attackers' involvement.
However, it is essential for victims to exercise caution and skepticism regarding the promises made by the attackers. Even if the ransom demands are met, there is no guarantee that the promised decryption keys or tools will be provided. In fact, many victims do not receive the necessary decryption assistance despite complying with the ransom demands. It is crucial to understand that paying the ransom not only offers no guarantee of data recovery but also supports and encourages illegal activities.
Take the Security of Your Devices and Data Seriously
Protecting data and devices from ransomware attacks requires a multi-layered approach that combines proactive security measures and user awareness. Here are some essential security measures to help users safeguard their data and devices:
- Install and Update Anti-malware Software: A robust anti-malware program can detect and block known ransomware threats. Regularly update the security software to ensure it stays current with the latest threats.
- Enable Firewall Protection: Activate the built-in firewall on devices to monitor incoming and outgoing network traffic and block potentially malicious connections.
- Keep Your Operating Systems and Software Updated: Apply updates and security patches for operating systems, applications, and software regularly to fix known vulnerabilities that ransomware may exploit.
- Exercise Caution with Email Attachments and Links: Be wary of email attachments and links, especially from unknown senders. Avoid clicking on unknown links or downloading attachments from untrusted sources.
- Implement Strong Passwords and Two-Factor Authentication (2FA): Use complex and unique passwords for all accounts, including email and online services. Enable 2FA whenever possible to add an extra layer of security.
- Regular Data Backups: Create regular backups of essential data on external and secure storage devices. Ensure backups are disconnected from the network after the backup process to prevent them from being compromised.
- Disable Macros in Office Documents: Ransomware often spreads through malicious macros in Office documents. Disable macros by default and enable them only when necessary and from trusted sources.
- Secure Remote Desktop Protocol (RDP): If using RDP, implement strong passwords, limit access to specific IP addresses, and consider using a VPN for added security.
By adopting these security measures and maintaining a proactive and vigilant approach, users can significantly reduce the chances of falling victim to ransomware attacks and protect their data and devices from potential harm.
The text of the ransom note presented to the victims of the DUMP LOCKER Ransomware is:
'Attention
All Your Files are Encrypted by DUMP LOCKER V2.0
Warning: Do not turn off your Computer EITHER you will LOST all your files
If you want to decrypt your files follow this simple steps:
1.) Create CryptoWallet
2.) Buy Etherum worth of $500 DOLLAR
3.) Send $500 in BitCoin to Given Address
4.) After PAY Contact Us to get DECRYPT KEY
5.) You will get your Decryption Key
6.) Enter it in Given Box and Click on Decrypt
7.) Restart your Computer and Delete any encrypted file you find
Etherrum Addres: 0x661C64F6F7D54CE66C48CA1040832A96BFF1FEDF
Email: DUMPLOCK@GMAIL.COM'