Ransomware operators are constantly developing new cryptovirological strains, which is why malware hunters are always busy detecting new forms of ransomware or new variants of existing cryptovirological families. In their latest hunt, cybersecurity researchers have come across a new ransomware strain that goes by the name Dablio. According to preliminary investigations by ransomware removal experts, Dablio is written in the Python programming language. Some earlier ransomware strains were also written in Python.
Ransomware strains usually append a marker after the extension of the locked file. Dablio is unique in this respect: instead of affixing a new extension to the affected files, it puts the word ‘encrypted’ before the file name.
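A defender can turn this naming habit into a behavioural check. The sketch below is an added example, not code from the researchers or from Dablio itself: it scans file-rename events for bursts in which a file stays in its directory and its new name starts with the marker and still ends with the original name. The event tuple layout, host names, paths, window and threshold are assumptions, and because the article does not give the exact form of the new name, any separator after the marker is accepted.

```python
import ntpath
from collections import defaultdict, deque
from datetime import datetime, timedelta

MARKER = "encrypted"            # word the article says is put before the file name
WINDOW = timedelta(seconds=60)  # assumed tuning value
THRESHOLD = 3                   # assumed tuning value, kept low for the sample

T0 = datetime(2024, 1, 1, 9, 0, 0)
# Constructed events (not real telemetry): (timestamp, host, old_path, new_path)
SAMPLE_EVENTS = [
    (T0 + timedelta(seconds=1), "WS-01", r"C:\Users\a\Docs\q1.xlsx", r"C:\Users\a\Docs\encryptedq1.xlsx"),
    (T0 + timedelta(seconds=2), "WS-01", r"C:\Users\a\Docs\cv.docx", r"C:\Users\a\Docs\encryptedcv.docx"),
    (T0 + timedelta(seconds=4), "WS-01", r"C:\Users\a\Pics\cat.jpg", r"C:\Users\a\Pics\encryptedcat.jpg"),
    # One deliberate user rename and one extension-style rename: neither should alert.
    (T0 + timedelta(seconds=5), "WS-02", r"D:\work\backup.zip", r"D:\work\encrypted_backup.zip"),
    (T0 + timedelta(seconds=6), "WS-02", r"D:\work\plan.doc", r"D:\work\plan.doc.locked"),
    # Matching renames spread too far apart to count as a burst.
    (T0 + timedelta(minutes=0), "WS-03", r"E:\n\a.txt", r"E:\n\encrypteda.txt"),
    (T0 + timedelta(minutes=5), "WS-03", r"E:\n\b.txt", r"E:\n\encryptedb.txt"),
    (T0 + timedelta(minutes=10), "WS-03", r"E:\n\c.txt", r"E:\n\encryptedc.txt"),
]

def is_prefix_rename(old_path, new_path):
    """True if the file kept its directory and original name but gained the marker in front."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return False
    old_name, new_name = old_name.lower(), new_name.lower()
    return (new_name.startswith(MARKER) and new_name.endswith(old_name)
            and not old_name.startswith(MARKER))

def detect_bursts(events):
    """Return {host: time of first alert} for hosts with THRESHOLD prefix renames inside WINDOW."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, host, old_path, new_path in sorted(events):
        if not is_prefix_rename(old_path, new_path):
            continue
        window = recent[host]
        window.append(ts)
        while ts - window[0] > WINDOW:   # drop renames that fell out of the window
            window.popleft()
        if len(window) >= THRESHOLD and host not in alerts:
            alerts[host] = ts
    return alerts

if __name__ == "__main__":
    for host, when in detect_bursts(SAMPLE_EVENTS).items():
        print(f"{when.isoformat()} {host}: burst of '{MARKER}'-prefixed renames")
```

Requiring a burst rather than a single match keeps one-off user renames such as `encrypted_backup.zip` from alerting.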
As soon as encryption of the files completes, a ransom note appears on the desktop screen of the affected device. From the content of the note, it looks like the attackers are not willing to give any concession to the targeted users. For instance, they are not offering free decryption of a couple of files, which is an unwritten norm in such illicit cyber activities.
The attackers haven’t mentioned the extortion amount for providing the ransomware removal key. Nevertheless, they have provided a link in the note for the affected users to buy Bitcoins, the standard currency that is used to pay extortions to ransomware operators.
Experts are still trying to figure out the method used by Dablio operators to deliver the payload of the malware. There is a strong chance that they have used a spam email campaign to infiltrate many devices all at once. Ransomware removal experts, therefore, always advise against downloading any email attachment from unknown senders, no matter how legitimate it looks.
Experts have also noticed that, apart from encrypting stored files, Dablio is slowing down the targeted devices, which suggests that the infected devices might also be used for mining cryptocurrency.