Every second day a new ransomware strain appears on the block. This is a demonstration of the fact that cryptovirological operators are not slowing down and are constantly challenging the cyber security and ransomware removal measures devised by security experts. Malware hunters have recently discovered a new ransomware through compromised web links called Dragnea.
Initial investigations suggest that the ransomware locks the screen of the affected device. Researchers are still trying to find out whether its cryptovirological activity also affects the stored files on the device. All the details gathered by the security researchers regarding its activity are given below.
- Dragnea ransomware penetrates into Windows registry files to develop the quality of persistence in its activity. In simple words, this trait of Dragnea ransomware enables it to lock down the screen every time the affected device is switched on.
- Since Dragnea ransomware locks down the screen, therefore the ransom note directly appears on the display. It is worth mentioning that the ransom note is written in the Romanian language. It notifies the affected user that all the files stored on their device are locked and will be deleted soon if they don’t pay a ransom of $100.
Security Experts and Law Enforcement Agencies Advise Against Ransom Payment
Affected users are strongly advised against payment of extortion money to the attackers for ransomware removal. There is no guarantee that they would provide the decryption key after receiving the ransom. In addition, ransom payments might result in the encouragement of more such activities.
As it stands, Dragnea ransomware is in its budding phase. Therefore, researchers are still trying to work out an effective ransomware removal action for this cryptovirological strain. It would be better to get in touch with some professional ransomware removal experts following such attacks instead of playing into the hands of cryptovirological operators.
