DarkKomet is a popular and threatening backdoor Trojan, which has the ability to provide attackers with remote access to the victim’s computer. Apparently, wannabe cyber crooks have decided to borrow the DarkKomet name for their low-quality ransomware, titled the DarkKomet Ransomware. This threat is not built from scratch; instead, its author has decided to take advantage of the ready-to-use open-source HiddenTear project. HiddenTear is a popular open-source file encryption Trojan, which was meant to be used for educational purposes, but cyber crooks often use its simple code to craft their own ransomware variants, such as the EyLamo Ransomware and the NSMF Ransomware.
The good news is that, just like the original HiddenTear, the DarkKomet Ransomware uses a flawed method to generate the encryption key, and this means that victims of this crypto-threat might be able to recover their data without the help of the attackers. However, before taking a look at the recommended recovery method, we should see exactly how the DarkKomet Ransomware operates. When this ransomware is deployed to a computer, it will seek out photos, archives, images, and commonly used documents. However, the current variant of the DarkKomet Ransomware is only able to harm the files stored on the desktop, and it is unable to encrypt files in other locations. After encrypting all suitable files, the DarkKomet Ransomware will make sure to leave a ransom note for the victim to find. By default, HiddenTear uses the ‘READ_IT.txt’ file to store the ransom message, and the DarkKomet Ransomware does exactly the same. In addition to using the default ransom note name, the DarkKomet Ransomware also appends the default ‘.locked’ extension to the encrypted files. The note does not include much information, and it simply tells users to contact [email protected] for additional information.
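The two on-disk indicators described above (the default ‘READ_IT.txt’ note and the ‘.locked’ extension) are enough for a first triage pass during incident response. The following Python helper is an added example, not code from this article’s author or from the HiddenTear project; it runs over a constructed file listing and reports whether the pattern matches, which original file names would come back after decryption, and whether any encrypted file sits outside the desktop, which would contradict the desktop-only behaviour described here.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Indicators this article attributes to the HiddenTear-based DarkKomet Ransomware.
RANSOM_NOTE = "READ_IT.txt"
ENCRYPTED_EXT = ".locked"

# Constructed sample listing (not from a real case), e.g. taken from a disk image.
SAMPLE_LISTING = [
    r"C:\Users\victim\Desktop\READ_IT.txt",
    r"C:\Users\victim\Desktop\holiday.jpg.locked",
    r"C:\Users\victim\Desktop\thesis.docx.locked",
    r"C:\Users\victim\Desktop\backup.zip.locked",
    r"C:\Users\victim\Desktop\notes.txt",          # untouched file on the desktop
    r"C:\Users\victim\Documents\budget.xlsx",      # outside the desktop, untouched
]

def triage_hiddentear(paths, desktop_dir):
    """Summarise a file listing for HiddenTear-style ransomware activity.

    Returns the ransom-note locations, a map from each encrypted file to the
    name it gets back once decrypted (".locked" removed), a count of encrypted
    files per original extension, and how many encrypted files lie outside the
    desktop. A non-zero "outside_desktop" means this is not the desktop-only
    variant described in the article and a wider recovery effort is needed.
    """
    desktop = PureWindowsPath(desktop_dir)
    notes, encrypted, outside = [], {}, 0
    for raw in paths:
        p = PureWindowsPath(raw)          # parses Windows paths on any host OS
        if p.name == RANSOM_NOTE:
            notes.append(str(p))
        elif p.name.endswith(ENCRYPTED_EXT):
            original = p.with_name(p.name[: -len(ENCRYPTED_EXT)])
            encrypted[str(p)] = str(original)
            if p.parent != desktop and desktop not in p.parents:
                outside += 1
    by_type = Counter(PureWindowsPath(o).suffix.lower() for o in encrypted.values())
    return {
        "ransom_notes": notes,
        "encrypted_files": encrypted,
        "by_original_type": dict(by_type),
        "outside_desktop": outside,
        # Note plus ".locked" files together point at a HiddenTear derivative,
        # so a free HiddenTear decryptor is worth trying before anything else.
        "likely_hiddentear": bool(notes) and bool(encrypted),
    }

if __name__ == "__main__":
    for key, value in triage_hiddentear(SAMPLE_LISTING, r"C:\Users\victim\Desktop").items():
        print(f"{key}: {value}")
```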
The sample of the DarkKomet Ransomware that malware researchers detected also appears to carry a payload related to a Remote Administrator Trojan (RAT), so it is possible that a DarkKomet Ransomware attack might end up being quite serious, even though it will only encrypt files on the desktop. If you somehow get infected by a working variant of the DarkKomet Ransomware that encrypts files in locations other than the desktop, then you must remember that it is not necessary to pay money to the perpetrators to get your files back. Victims of the DarkKomet Ransomware should use a legitimate anti-malware utility to remove the infection, and then run a free HiddenTear decryptor, which will help them get their files back.