
Dzen Ransomware

Dzen is a ransomware strain that security researchers identified while investigating new malware samples. It encrypts files on the devices it infects and renames each encrypted file by appending the victim's unique ID, a contact email address and the '.dzen' extension to the original filename.

For example, a file originally named '1.png' is changed to '1.png.id[9ECFA74E-3546].[vinsulan@tutamail.com].dzen', and '2.pdf' becomes '2.pdf.id[9ECFA74E-3546].[vinsulan@tutamail.com].dzen', and so on. Dzen also drops two ransom notes, named 'info.txt' and 'info.hta'.
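The filename layout above (original name, then '.id[<victim id>]', then '.[<email>]', then the extension) is itself an indicator worth pulling out of a file listing. The following Python script is an added example, not code from the page or from the Phobos/Dzen authors: it parses that layout and triages a listing read-only, collecting the victim ID, the contact email and any ransom notes without opening or renaming anything (the note itself warns against renaming encrypted files). The regex accepting any bracketed ID and other final extensions, and the sample listing, are assumptions of the example.

```python
import os
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Filename layout described above: <original name>.id[<victim id>].[<contact email>].<ext>
# The victim ID on this page has the shape 9ECFA74E-3546; the pattern accepts any bracketed
# token and any final extension so that Phobos-family samples with the same layout but a
# different extension still parse (assumption, not stated on the page).
ENCRYPTED_NAME_RE = re.compile(
    r"^(?P<original>.+?)"                   # pre-encryption filename, including its extension
    r"\.id\[(?P<victim_id>[^\]]+)\]"        # .id[<victim id>]
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]"   # .[<contact email>]
    r"\.(?P<ext>[A-Za-z0-9]+)$"             # final extension, '.dzen' for this variant
)

# Ransom note names given on the page for this variant.
RANSOM_NOTE_NAMES = {"info.txt", "info.hta"}


@dataclass(frozen=True)
class EncryptedName:
    original: str
    victim_id: str
    email: str
    extension: str


def parse_encrypted_name(name: str) -> Optional[EncryptedName]:
    """Return the parsed components if `name` follows the id/email/extension layout, else None."""
    m = ENCRYPTED_NAME_RE.match(name)
    if not m:
        return None
    return EncryptedName(m["original"], m["victim_id"], m["email"], m["ext"].lower())


def triage(names: Iterable[str], extensions: Tuple[str, ...] = ("dzen",)) -> Dict[str, object]:
    """Read-only triage of a file listing: count encrypted files and collect the IoCs embedded
    in their names (victim IDs, contact emails) plus any ransom notes present."""
    victim_ids, emails, notes = set(), set(), []
    encrypted = 0
    for name in names:
        parsed = parse_encrypted_name(name)
        if parsed is not None and parsed.extension in extensions:
            encrypted += 1
            victim_ids.add(parsed.victim_id)
            emails.add(parsed.email)
        elif name.lower() in RANSOM_NOTE_NAMES:
            notes.append(name)
    return {
        "encrypted_count": encrypted,
        "victim_ids": sorted(victim_ids),   # more than one ID usually means several hosts were hit
        "contact_emails": sorted(emails),
        "ransom_notes": sorted(notes),
    }


def triage_directory(root: str) -> Dict[str, object]:
    """Walk `root` and triage every filename found; nothing is opened, renamed or modified."""
    return triage(f for _, _, files in os.walk(root) for f in files)


# Constructed listing for a stand-alone run; the two encrypted names are the page's own examples.
SAMPLE_LISTING: List[str] = [
    "1.png.id[9ECFA74E-3546].[vinsulan@tutamail.com].dzen",
    "2.pdf.id[9ECFA74E-3546].[vinsulan@tutamail.com].dzen",
    "info.txt",
    "info.hta",
    "report.docx",  # untouched file
]

if __name__ == "__main__":
    print(triage(SAMPLE_LISTING))
    # e.g. triage_directory(r"\\fileserver\share") for a real listing
```

Run `triage_directory()` against a mounted share or an image of the affected volume; the victim IDs and emails it returns are what you match against the ransom note and against other hosts to see how far the infection spread.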

Dzen has been confirmed to be a variant of the Phobos ransomware family; the id/email/extension filename scheme and the paired '.txt' and '.hta' ransom notes are characteristic of that family.

The Dzen Ransomware Could Leave Victims Locked Out of Valuable Data

The ransom note tells victims that their data has been encrypted and exfiltrated and that, according to the attackers, it can only be restored with the decryption software in their possession. It warns against attempting to decrypt the files independently or with third-party tools, claiming that doing so will cause permanent data loss.

The note also cautions victims against involving intermediaries or data-recovery companies, claiming that doing so risks deception or further loss of their data. The criminals offer assurances that the incident will be kept confidential and claim that, once the ransom is paid, all exfiltrated data will be deleted. They also promise not to sell the victim's data or use it for future attacks.

The note also applies pressure: the criminals set a deadline of two days for the victim to make contact, after which the stolen data will supposedly be sent to 'all interested parties'. Two contact email addresses are given (vinsulan@tutamail.com, with vinsulan@cock.li as a fallback if there is no answer within 24 hours), together with an instruction to put the victim's ID in the subject line of the message.

The Dzen Ransomware is a threat beyond file encryption alone. It disables the Windows firewall, leaving the system exposed to further harmful activity, and it deletes the Volume Shadow Copies, removing the built-in restore points a victim could otherwise use to recover files.
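Both of those actions are the kind of thing an endpoint detection rule catches on the process command line. The following Python is an added example, not code from the page or from the malware: it runs simple rules over constructed process-creation events (Sysmon-style pid, ppid and command-line fields) and singles out a parent process that both deletes shadow copies and turns the firewall off. The command-line forms it matches are the standard vssadmin, wmic and netsh invocations for these actions; that a Dzen sample runs exactly these strings is an assumption, since the page only states that it performs both actions.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Detection rules keyed by tactic. These are the usual command lines for deleting Volume Shadow
# Copies and disabling the Windows firewall; assumed typical of Phobos-family samples, not
# verbatim Dzen strings.
RULES: Dict[str, List[re.Pattern]] = {
    "shadow_copy_deletion": [
        re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I),
        re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    ],
    "firewall_disable": [
        re.compile(r"\bnetsh(?:\.exe)?\b.*\badvfirewall\b.*\bset\b.*\bstate\s+off\b", re.I),
        re.compile(r"\bnetsh(?:\.exe)?\b.*\bfirewall\b.*\bset\s+opmode\b.*\bdisable\b", re.I),
    ],
}

# A single parent that does both is the combination to page on; either alone has benign
# admin explanations (e.g. freeing disk space, lab hosts).
RANSOMWARE_PRECURSOR = {"shadow_copy_deletion", "firewall_disable"}


def classify(cmdline: str) -> Set[str]:
    """Return the names of every rule that matches one process command line."""
    return {tag for tag, patterns in RULES.items() if any(p.search(cmdline) for p in patterns)}


def scan(events: List[Dict[str, object]]) -> List[Tuple[int, Set[str]]]:
    """Per-event hits: (pid, tags) for every event that matched at least one rule."""
    hits = []
    for e in events:
        tags = classify(str(e["cmdline"]))
        if tags:
            hits.append((int(e["pid"]), tags))
    return hits


def correlate(events: List[Dict[str, object]]) -> Dict[int, Set[str]]:
    """Union of tags per parent PID, so activity spread over several child cmd.exe instances
    (the common pattern: the ransomware process spawns one shell per command) is visible."""
    by_parent: Dict[int, Set[str]] = defaultdict(set)
    for e in events:
        by_parent[int(e["ppid"])] |= classify(str(e["cmdline"]))
    return {ppid: tags for ppid, tags in by_parent.items() if tags}


def suspicious_parents(events: List[Dict[str, object]]) -> List[int]:
    """Parent PIDs that triggered every rule in RANSOMWARE_PRECURSOR."""
    return sorted(ppid for ppid, tags in correlate(events).items() if RANSOMWARE_PRECURSOR <= tags)


# Constructed process-creation events: one benign admin listing, a malicious chain under
# parent 5200, and a benign firewall query.
EVENTS: List[Dict[str, object]] = [
    {"pid": 4100, "ppid": 880,  "cmdline": "vssadmin list shadows"},
    {"pid": 5230, "ppid": 5200, "cmdline": "cmd.exe /c vssadmin delete shadows /all /quiet"},
    {"pid": 5231, "ppid": 5200, "cmdline": "cmd.exe /c wmic shadowcopy delete"},
    {"pid": 5232, "ppid": 5200, "cmdline": "netsh advfirewall set currentprofile state off"},
    {"pid": 5233, "ppid": 5200, "cmdline": "netsh firewall set opmode mode=disable"},
    {"pid": 6010, "ppid": 900,  "cmdline": "netsh advfirewall show allprofiles"},
]

if __name__ == "__main__":
    for pid, tags in scan(EVENTS):
        print(f"pid {pid}: {', '.join(sorted(tags))}")
    print("suspicious parents:", suspicious_parents(EVENTS))
```

In production the events come from Sysmon event ID 1 or an EDR's process telemetry rather than a list; the per-parent correlation is what keeps a lone `vssadmin delete shadows` run by an administrator from paging the on-call engineer while still catching the malware's chain of child shells.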

Dzen also gathers location data, which it uses to exclude certain regions from its operations, and establishes persistence on the infected host so that it survives a reboot.

It Is Crucial to Protect Your Data and Devices from Malware and Ransomware Threats

Protecting data and devices from malware and ransomware threats is crucial in today's digital landscape. There are several essential steps users can take to enhance their protection:

  • Keep Software Updated: Install security patches for operating systems, applications and security software as soon as they are available. Updates frequently close the vulnerabilities that cybercriminals exploit to deliver malware.
  • Use Reliable Security Software: Install reputable anti-malware software on all of your devices. A trustworthy security product helps detect and remove threatening programs before they cause harm.
  • Enable Firewall Protection: Activate the firewall on all devices to build a barrier between your network and threats from the Internet. Firewalls monitor and control incoming and outgoing network traffic based on predetermined security rules.
  • Be Alert with Email Attachments and Links: Be wary of unsolicited emails, especially those containing attachments or links. Avoid opening attachments or following links from unknown or suspicious senders, as they may lead to malware infections.
  • Practice Safe Browsing Habits: Exercise caution when accessing websites and files from the Internet. Restrict your visits to reputable websites and avoid downloading software from unfamiliar sources. Consider using ad-blocking and script-blocking browser extensions for an added layer of protection.
  • Use Strong, Unique Passwords: Create strong, complex passwords for all accounts and devices. Avoid easily guessable passwords like 'password' or '123456'. A reputable password manager can generate and store a unique password for each account.
  • Implement Two-Factor Authentication (2FA): Enable 2FA wherever possible to add another layer of security to your accounts. Typically this involves a second form of verification, such as a text message code or an authentication app, in addition to your password.
  • Regularly Back Up Data: Back up valuable or sensitive files regularly to an external drive, a cloud storage service, or both, and keep at least one copy offline or otherwise disconnected so that ransomware cannot encrypt it as well. In the event of a ransomware attack, intact backups let you restore your files without paying the ransom.
  • Educate Yourself and Stay Informed: Keep up with the latest cybersecurity threats and trends. Educate yourself and your family members about the risks of malware and ransomware, and teach them how to recognize and avoid suspicious online behavior.

By following these essential suggestions and remaining vigilant, users can better protect their data and devices from malware and ransomware threats.

The full text of the ransom notes dropped by the Dzen Ransomware is:

'Your data is encrypted and downloaded!

Unlocking your data is possible only with our software.
Important! An attempt to decrypt it yourself or decrypt it with third-party software will result in the loss of your data forever.
Contacting intermediary companies, recovery companies will create the risk of losing your data forever or being deceived by these companies.
Being deceived is your responsibility! Learn the experience on the forums.

Downloaded data of your company.

Data leakage is a serious violation of the law. Don't worry, the incident will remain a secret, the data is protected.
After the transaction is completed, all data downloaded from you will be deleted from our resources. Government agencies, competitors, contractors and local media
not aware of the incident.
Also, we guarantee that your company's personal data will not be sold on DArkWeb resources and will not be used to attack your company, employees
and counterparties in the future.
If you have not contacted within 2 days from the moment of the incident, we will consider the transaction not completed.
Your data will be sent to all interested parties. This is your responsibility.

Contact us.

Write us to the e-mail:vinsulan@tutamail.com
In case of no answer in 24 hours write us to this e-mail:vinsulan@cock.li
Write this ID in the title of your message: -
If you have not contacted within 2 days from the moment of the incident, we will consider the transaction not completed.
Your data will be sent to all interested parties. This is your responsibility.

Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
