Dviide Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 11
First Seen: June 6, 2017
Last Seen: March 1, 2023
OS(es) Affected: Windows

The Dviide Ransomware is an encryption ransomware Trojan that was first observed in the final week of May 2017. The name seems to be a misspelling of the word 'divide,' but all the content associated with the Dviide Ransomware spells the word this way. The Dviide Ransomware has been actively distributed through corrupted email attachments delivered in spam email messages. Like other ransomware Trojans, the Dviide Ransomware is designed to enter a computer, encrypt the victim's files, and then ask for a ransom payment from the victim. The Dviide Ransomware directs the victims to the URL dviide.xyz, where the decryption key is supposedly held. Malware analysts have linked the Dviide Ransomware to a previous ransomware Trojan known as the Wanna Subscribe 1.0 Ransomware, which exhibited nearly identical behavior. Like its predecessor, the Dviide Ransomware uses AES-256 encryption to make the victim's files inaccessible and then instructs the victim to connect to a Web page to access the decryption key.

The Dviide Ransomware can Encrypt Numerous File Types

The Dviide Ransomware is a fully implemented ransomware Trojan, capable of encrypting the victims' files and carrying out effective ransomware attacks on its victims. The Dviide Ransomware will target a wide variety of file types in its infection process, ranging from media files such as images, video and audio, to user-generated files created with software such as Microsoft Office, Libre Office, Adobe Acrobat, and many others. The Dviide Ransomware will encrypt files on all local drives, as well as on shared directories (as long as they are not password protected). The Dviide Ransomware will also encrypt data on removable memory devices connected to the infected computer, such as SD cards, USB memory drives and mobile devices. The Dviide Ransomware uses a strong encryption algorithm that makes the files' data inaccessible. The files encrypted by the Dviide Ransomware will be identified with the file extension '.dviide,' which is added to the end of each file's name. After encrypting the victim's files, the Dviide Ransomware will display the following message on the infected computer:

'Your important files and documents have been encrypted by Dviide! This means
That you will be no longer able to access the files without a key. To get this key go to: https//dviide(dot)xyz/ or 212.237.25.151.
Paste your encryption key here:
[TEXT BOX]'

Following the instructions in the Dviide Ransomware message is not advised, especially visiting the Dviide Ransomware website. Although the Dviide Ransomware does not currently have corrupted code, it is not unreasonable to believe that the same people responsible for the Dviide Ransomware could just as easily create an attack website, using an exploit kit and corrupted scripts to further infect any visitors to this URL.

Responding to a Dviide Ransomware Infection

Malware researchers advise computer users to avoid paying any ransom or visiting the website (which does not include the decryption key, regardless of the Dviide Ransomware message). One curious aspect of the Dviide Ransomware is that it does not ask for payment in Bitcoins, pointing to the theory that the Dviide Ransomware may be simply unfinished (in which case, it is possible that more polished versions of the Dviide Ransomware may continue to pop up). As with other ransomware Trojans, malware analysts advise computer users to take steps to protect their data. The best protection against the Dviide Ransomware and other encryption Trojans is to have file backups on the cloud or a removable memory device. Apart from file backups, a fully up-to-date security program can be used to intercept the Dviide Ransomware before it manages to cause too much damage to the victim's files. Since the Dviide Ransomware may be delivered using spam email attachments, like many other encryption ransomware Trojans, having software that filters out these messages and learning how to spot these tactics are essential preventive measures.

File System Details

Dviide Ransomware may create the following file(s):
# File Name MD5 Detections
1. file.exe 98031e88906a9f1dbe37b90f445eecc9 1
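
A read-only triage check built from the two file indicators on this page (the '.dviide' extension and the MD5 listed for file.exe), added here as an example and not part of the original entry. The function names and the choice to hash only .exe files are assumptions of this example.

```python
import hashlib
import os
import sys

# Indicators published on this page.
ENCRYPTED_EXT = ".dviide"
KNOWN_MD5 = frozenset({"98031e88906a9f1dbe37b90f445eecc9"})  # file.exe


def md5_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.md5()  # MD5 only because that is the hash the page lists
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(root, known_md5=KNOWN_MD5):
    """Walk root and return (encrypted, droppers, unreadable) path lists."""
    encrypted, droppers, unreadable = [], [], []

    def note_error(err):  # directories os.walk could not list
        unreadable.append(err.filename)

    for folder, _dirs, names in os.walk(root, onerror=note_error):
        for name in names:
            path = os.path.join(folder, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(path)  # file already renamed by the Trojan
                continue
            if not name.lower().endswith(".exe"):  # assumption: hash .exe only
                continue
            try:
                if md5_of(path) in known_md5:
                    droppers.append(path)
            except OSError:
                unreadable.append(path)  # locked or permission denied
    return sorted(encrypted), sorted(droppers), sorted(unreadable)


if __name__ == "__main__":
    enc, exe, skipped = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{len(enc)} file(s) with {ENCRYPTED_EXT} extension")
    for hit in exe:
        print("known Dviide executable:", hit)
    print(f"{len(skipped)} path(s) could not be read")
```

The count of '.dviide' files gives the scope of what must be restored from backup; a hash match only covers the one sample listed above, so an empty match list does not rule out other builds.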
