The Dangerous Ransomware is a Visual Basic-based Trojan that tries to collect ransoms from its victims after encrypting the data on their PCs, such as documents or pictures. The symptoms of the Dangerous Ransomware infections are visible after the Trojan completes its attacks by locking your files, modifying their filenames, and creating a text ransoming message. Although the importance of backups for reducing the Trojan’s potential for harm shouldn’t be understated, most users also can detect and delete the Dangerous Ransomware with their standard anti-malware protection.
A Little Danger for Your Files
In March, the Cerber Ransomware may be revisiting PC users with a new name. New Trojans bearing the brand label of the Dangerous Ransomware are just being confirmed for live distribution on the Web and show significant similarities to that old threat, which has undergone multiple revisions since its introduction in early 2016. Like the Cerber Ransomware, the Dangerous Ransomware uses a Visual Basic component for facilitating file-encrypting attacks against the infected system.
The Dangerous Ransomware installs itself through an executable with unknown distribution methods, although threat actors with past ties to the Cerber Ransomware are notable for using website Exploit Kits. The routine places the Dangerous Ransomware’s core file in the Users directory. Then, the Trojan launches automatically and with no immediate symptoms, commencing with a system scan for specific formats of data.
During its scan, the Dangerous Ransomware enciphers your files, such as documents, with an unknown encryption standard. It also may include changes to their extensions or names from the encryption separately, which blocks the content from opening. As it finishes, the Dangerous Ransomware creates a Notepad message that malware experts have yet to see in other Trojans’ campaigns.
The contents of the Notepad file asks for the victim to contact a provided e-mail address for assistance but provides no other details, such as the quantity of the ransom or the encryption algorithm in use.
The Cheapest Way of Buying Safety for Your Files
The Dangerous Ransomware may or may not be an official update for the Cerber Ransomware, but, regardless, is representative of the continuing risks behind not saving your work with some degree of redundancy. Many file-encrypting Trojans include some defenses against free decoding solutions and even may delete backups, such as your Windows Shadow Copy. Backing files up to a storage drive that you disconnect from your online PC or using cloud storage services both offer recovery options that don’t depend on decryption.
Malware experts recommend disabling exploitable browser features like JavaScript and monitoring both general downloads and e-mail attachments, all of which are infection vectors for threats of the Dangerous Ransomware’s classification. Although the Dangerous Ransomware doesn’t show any evidence of corrupting the underlying operating system, any information, such as text documents, should be assumed to be at high risk for being locked. Just under half of most major AV brands do detect and delete the Dangerous Ransomware’s samples currently-circulating.
The Dangerous Ransomware is an accurately-named Trojan but also is no more or less deadly to your files than other file-encoding threats. Users with the prudence to not assume that their PCs never will be infected are less likely to place themselves in a ransoming situation and can continue trusting in the defenses offered by standard hard drive backup and anti-malware services.
[template:aliases][template:removal][template:technical_title][template:files][template:registry][template:additional]
