Dungeon Ransomware

By GoldSparrow in Ransomware

Malware researchers have identified a new data locker that belongs to the Xorist Ransomware family and has been dubbed the Dungeon Ransomware. Less experienced cybercriminals often base their creations on existing file-encrypting Trojans, as is the case with the Dungeon Ransomware. Reusing an existing threat significantly lowers the barrier to entry and enables even inexperienced con artists to create and distribute file lockers like the Dungeon Ransomware.

Propagation and Encryption

Threats like the Dungeon Ransomware are usually designed to go after a variety of file types that are likely to be found on the system of every regular user: spreadsheets, databases, documents, presentations, audio files, images, videos, and many others. To lock the files that it targets, the Dungeon Ransomware applies an encryption algorithm. Unfortunately, no free decryption tool has yet been released that would reverse the damage done by file lockers that belong to the Xorist Ransomware family. The Dungeon Ransomware marks all the encrypted files by appending a new extension to their names: '.([dungeon]-0_0)'. This means that a file initially named 'ceramic-pillar.png' will be renamed to 'ceramic-pillar.png.([dungeon]-0_0)' after the encryption process has been completed. The Dungeon Ransomware may be propagated via spam emails, malvertising operations, fake social media campaigns, torrent trackers, bogus application updates/downloads, etc.

The Ransom Note

After completing the encryption process, the Dungeon Ransomware drops a ransom note on the compromised host. The file that contains the ransom note is named 'HOW TO DECRYPT FILES.txt'. On top of this, the Dungeon Ransomware replaces the victim's wallpaper with a copy of the ransom message. In the ransom message, the attackers ask to be paid in Bitcoin but do not specify the amount. The authors of the Dungeon Ransomware ask to be contacted via email at '1413201760@qq.com'. The attackers also give the victim a 24-hour deadline to contact them.

It is not a good idea to get in touch with conmen like the Dungeon Ransomware creators. There are zero guarantees that you will be provided with a decryption key, even if you pay the ransom fee. This is why it is best to remove the Dungeon Ransomware from your PC with the help of a modern anti-virus solution.
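The two on-disk indicators described above, the '.([dungeon]-0_0)' extension and the 'HOW TO DECRYPT FILES.txt' note, are enough to scope which folders on a host were affected. The following Python triage scan is an added example, not part of the original article; the function names and the sample file tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from the article text.
LOCKED_SUFFIX = ".([dungeon]-0_0)"
NOTE_NAME = "HOW TO DECRYPT FILES.txt"


def original_name(filename):
    """Return the pre-encryption name, or None if the file is not marked."""
    # Windows file names are case-insensitive, so compare case-folded.
    marked = filename.lower().endswith(LOCKED_SUFFIX.lower())
    if marked and len(filename) > len(LOCKED_SUFFIX):
        return filename[: -len(LOCKED_SUFFIX)]
    return None


def scan(root):
    """Walk root; per directory, list marked files and ransom-note presence."""
    report = defaultdict(lambda: {"locked": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        for name in sorted(files):
            if name.lower() == NOTE_NAME.lower():
                report[rel]["note"] = True
            elif (orig := original_name(name)) is not None:
                report[rel]["locked"].append(orig)
    return dict(report)


def demo():
    """Scan a constructed tree of empty files (sample data, not real samples)."""
    layout = {
        "Pictures": ["ceramic-pillar.png" + LOCKED_SUFFIX, NOTE_NAME],
        "Documents": ["budget.xlsx" + LOCKED_SUFFIX.upper(), "notes.txt"],
        "Music": ["track.mp3"],
    }
    with tempfile.TemporaryDirectory() as root:
        for folder, names in layout.items():
            os.makedirs(os.path.join(root, folder))
            for name in names:
                open(os.path.join(root, folder, name), "w").close()
        return scan(root)


if __name__ == "__main__":
    for folder, hit in sorted(demo().items()):
        print(f"{folder}: {len(hit['locked'])} locked, note={hit['note']}")
```

Directories without either indicator are omitted from the report, so the returned keys are the affected folders relative to the scanned root.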
