Spiteful Doubletake Ransomware

The Spiteful Doubletake Ransomware is an encryption ransomware Trojan that was first observed on January 27, 2019. The Spiteful Doubletake Ransomware seems to be a proof of concept of ransomware encoded using the Perl programming language. Unfortunately, it is often quite easy for criminals to take these proof of concept threats and convert them into full-fledged malware attacks. It is paramount that you take precautions against encryption ransomware Trojans like the Spiteful Doubletake Ransomware, which are common and can be quite destructive increasingly.

How the Spiteful Doubletake Ransomware Affects Your Files

It is clear that the Spiteful Doubletake Ransomware is early in its development. The Spiteful Doubletake Ransomware uses the Blowfish cipher and CBC to carry out its attack. The Spiteful Doubletake Ransomware attack lets the files marked with the file extension '.enc,' added to each affected file's name. The purpose of the Spiteful Doubletake Ransomware, like most encryption ransomware Trojans, is to encrypt the victim's files to take them hostage. The Spiteful Doubletake Ransomware seems to be limited only to a test folder located on the victim's Desktop. However, it would not be difficult at all to modify the Spiteful Doubletake Ransomware to carry out an attack that encrypts the entirety of the victim's data. Threats like the Spiteful Doubletake Ransomware, in their final form, typically target the user-generated files, which may include files with the following extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The Spiteful Doubletake Ransomware's Ransom Demand

It is clear that in its current form, the criminals behind the Spiteful Doubletake Ransomware have no intention of obtaining ransom payments from the victim. After the Spiteful Doubletake Ransomware encrypts the victim's files, it displays a message that flashes by using red lettering over a black background. The message reads 'DO NOT HALT OPERATION - FILE CORRUPTION WILL OCCUR!.' After this, the Spiteful Doubletake Ransomware displays a dialog box with the title 'Spiteful Doubletake – Mode:LIVE,' which contains the following text:

'All your files are belong to me!!!
You persn foolish, all youre files have i encrypted and you must pay NOW!
If you dont youfle be gone forever
You must pay now my bitcoin address $500 dollars usd cash.
You will never ever see your files again if you do not pay.
Pay bitcoin address [random characters]
[Pay Now!?BUTTON]'

When the computer users click on the button, a new dialog box named 'Sample' displays the following message:

'You fool! I'm not going to actually give you your files back!
But I will take your money though.
[Okay...|BUTTON]'

Although the Spiteful Doubletake Ransomware is unfinished currently, the encryption attack is quite effective and could lead to new, Perl-based encryption variants appearing in 2019.