Damage Ransomware – Investigation Report
Damage Ransomware is on the loose. Online security experts have mentioned its name on the list of destructive ransomware on February 22, 2017. This ransomware has nothing new to offer. Actually, it is identical to CryptoShield ransomware. In order to encipher certain types files saved on local disk or mounted drives, it use a custom cipher made of combining open source AES-256 and RSA 2048 ciphers. Hence, enciphered files on your computer may feature ‘.Damaged’ extension uniquely. You should also know that at the time of writing the article, Damage Ransomware is only available in English language. Apparently, it is a standalone project and it doesn’t have any association with HiddenTear or EDA2 project. This ransomware is a long-standing practice among threat actors to abuse the macro functionality in PDF readers and Word document processors that enables remote installation of malware.
Knowing about its intrusion is essential because if you don’t know it, you will repeat the same mistake again and again. Taking advantages of it, ransomware will target your computer repeatedly and try to extort money from you. In most cases, Damage Ransomware is delivered to your computer via spam emails. Such emails arrived from unverified source, featuring phishing text, attention seeking subject line and word document as attachment. You may fail to recognize such spam email and proceed to load attachment (a bad macro script) because they use the name of big companies, banks, Government organization, courier service and so on. However, if you pay your best you will find something suspicious about these emails.
Other Noticeable Activities of Damage Ransomware
Following successful attack, Damage Ransomware performs a number harmful activities on your computer that you notice by yourself. Fist, you may see that some of your important files from commonly used data containers have been enciphered and featuring ‘.Damaged’ extension. When you click to open them, you see error message. Next, you find ransom note file – ‘Damage@india.com[random characters].txt’ file on your desktop and inside each folder having enciphered file. This text file features threatening message and offers victims a deal – pay off ransom and get file decryption key. However, security advisers request victims not to pay off ransom.
Data Recovery Option
If your important files are enciphered with Damage Ransomware then instead paying off ransom you should try some alternative methods to get back your files. If it works, you will recover your files for free. First, you should try System Restore. But if it doesn’t work properly or you haven’t created system restore point earlier then you should make use of Data Recovery Software like Shadow Explorer to recover your files.
However, before starting file recovery process, you should eliminate Damage Ransomware and associated files from your computer. Though, follow the given ransomware removal instruction:
No comments:
Post a Comment