Ransomware removal experts are becoming overwhelmed by the number of ransomware strains discovered daily. This time the culprit is known as DDE Ransomware, which was unearthed on 25 July 2018. It has not yet displayed any distinct features, and so far it has been considered similar to other ransomware.
Ransomware removal analysts have theorized that it is an updated version of the Crypt888FRansomware, while its encryption methodologies bear similarity to those of the Ghost Army Ransomware. It has also been reported that the ransomware has infiltrated more than 50 systems. The ransomware gets its name from its malicious file ‘dde_ransomware.exe’. The name also serves to distinguish it from the original ransomware.
According to ransomware removal experts, the ransomware infects a computer system when a victim opens a malicious, macro-enabled file attachment. The file serves as a payload, and the malicious scripts incorporated within it bypass the system’s security and link the Windows OS to a remote location. Afterward, an encrypted shell is downloaded to the system, which then installs the DDE Ransomware completely on the victim’s PC. Subsequently, the ransomware scans the PC for files that it can encrypt.
Then the ransomware begins its encryption procedure. It encrypts the files saved on the hard disk and appends its own extension to each one. This means that if a user had a file named ‘officedocument.txt’, the file’s name will appear as ‘officedocument.txt.encrypted’. The files that can be affected include multimedia files and office documents, including popular extensions like .txt, .ppt, .xls, .mp4, etc.
After the encryption is completed, a ransom file is added to the desktop. The file has an extension of .html or .txt. It contains text from the cybercriminals stating that a ransom has to be paid through the TOR browser in the form of bitcoin.
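
The file-system traces described above (the ‘dde_ransomware.exe’ file name and the ‘.encrypted’ extension appended after a file’s original extension) can be checked for during triage. The following Python script is an added example, not part of the original article; its function names and the sample directory layout are constructed for illustration.

```python
import os
from collections import Counter

# Indicators taken from the article text above.
APPENDED_EXT = ".encrypted"
DROPPER_NAME = "dde_ransomware.exe"
# Extensions the article lists as affected; its "etc." means this set is not exhaustive.
LISTED_EXTS = {".txt", ".ppt", ".xls", ".mp4"}


def scan_tree(root):
    """Walk root and collect the file-system traces the article describes."""
    report = {"renamed": [], "by_original_ext": Counter(),
              "dropper_paths": [], "untouched_listed": 0}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == DROPPER_NAME:
                report["dropper_paths"].append(path)
                continue
            stem, ext = os.path.splitext(lower)
            if ext == APPENDED_EXT:
                # 'officedocument.txt.encrypted' -> original extension '.txt'
                original_ext = os.path.splitext(stem)[1]
                if original_ext:  # require the double-extension pattern
                    report["renamed"].append(path)
                    report["by_original_ext"][original_ext] += 1
            elif ext in LISTED_EXTS:
                report["untouched_listed"] += 1
    return report


def encrypted_ratio(report):
    """Renamed files as a share of renamed plus still-intact listed-extension files."""
    hit = len(report["renamed"])
    total = hit + report["untouched_listed"]
    return hit / total if total else 0.0


def build_sample_tree(root):
    """Constructed sample layout (empty files only) for trying the scanner."""
    names = ["Documents/officedocument.txt.encrypted",
             "Documents/slides.ppt.encrypted", "Documents/budget.xls",
             "Videos/clip.mp4.encrypted", "Downloads/dde_ransomware.exe",
             "Documents/notes.encrypted"]  # single extension: not counted
    for rel in names:
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()
```

The ‘.encrypted’ suffix is used by more than one ransomware family, so a match is a triage lead to confirm with other evidence rather than an identification of DDE Ransomware.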