Start Ransomware
A brand-new Dharma Ransomware variant was spotted at the end of October 2019. Malware researchers dubbed it Start Ransomware. Most cyber crooks have neither the skill or the desire to build ransomware threats from scratch when they can just borrow the code of an already developed and established file-encrypting Trojan. As we already mentioned, the Start Ransomware belongs to the Dharma Ransomware family and exhibits most of the trademarks of the notorious data-locking Trojan.
Propagation and Encryption
The exact propagation method used in the distribution of the Start Ransomware is not yet known with any particular certainty. Usually, ransomware threats are spread with the help of fake emails. These emails often contain an infected attachment, which, when launched, would compromise the target's system. Authors of ransomware threats also take advantage of bogus pirated copies of legitimate applications as well as fraudulent software updates to spread their malicious creations. Upon infecting a host, the Start Ransomware will make sure to scan its data. The purpose of this action is to determine the locations of the files which match the criteria of the Start Ransomware. To guarantee maximum damage, ransomware threats tend to go after a very long list of filetypes. Next, the encryption process is triggered, and the Start Ransomware will start locking all the targeted files. This file-locking Trojan appends a new extension to all the locked files – '.id-.[starter@cumallover.me].start.’
The Ransom Note
When the encryption process has been successfully completed, the Start Ransomware will drop a ransom note on the compromised host. The note's name is 'FILES ENCRYPTED.txt,' and it is rather concise. In the note, the attackers do not mention what the ransom fee, which will be required from the victim is. However, they expect the user to contact them via email ‘starter@cumallover.me', where they would provide the victim with more information and further instructions.
Contacting cybercriminals is never advisable. Such individuals are known for their crooked methods, and you cannot expect them to hold their end of the bargain even if you give in and pay the ransom fee. Numerous users have been tricked into paying the fee but have then been left empty-handed. Instead of trying to cooperate with cyber crooks, you should look into obtaining a genuine anti-virus application and use it to remove the Start Ransomware from your PC.
