0day Ransomware

Malware researchers have spotted a new data-locking Trojan emerging. This ransomware threat is called the 0day Ransomware. When dissected, the 0day Ransomware revealed that it belongs to the widely popular Dharma Ransomware family.

It is not clear how exactly the 0day Ransomware is being spread, but cybersecurity experts believe that the infection vectors employed in propagating the 0day Ransomware may include mass spam email campaigns, infected pirated software, as well as faux application updates. When the 0day Ransomware manages to infect a system, it will trigger a scan. The idea behind the scan is to locate the files, which the 0day Ransomware was programmed to go after. When this step is completed, the 0day Ransomware will continue the attack by encrypting the data targeted. When the 0day Ransomware locks a file, it changes its filename by adding an extension. Following the pattern of most ransomware threats, which are variants of the Dharma Ransomware, the extension applied is - '.id-.[my0day@aol.com].0day.' When the encryption process of the 0day Ransomware is completed, this data-locking Trojan will drop a ransom note. Again, not straying from the path of threats that belong to the Dharma Ransomware family, the ransom note is named ‘RETURN FILES.txt.’ In it, the attackers do not specify how much cash they would like to be paid. However, they provide an email address where they wish to be contacted – ‘my0day@aol.com.’

We advise you strongly to resist the urge to contact or negotiate the cybercrooks behind the 0day Ransomware. Such cybercriminals will not be helpful and will often trick their victims by not holding up their end of the deal and providing a decryption key. A safer way of approaching this situation is downloading and installing a legitimate anti-virus suite and wiping the 0day Ransomware off your PC.