Ransomware removal experts recently found out that the popular ransomware known as Satan ransomware has recently undergone some major changes including rebranding as well as modified its operating nature. It has been renamed as DBGer ransomware. Similar rebranding can be expected from other ransomwares too in the near future.
Background of Satan Ranswomware
Satan ransomware first started its mayhem at the start of 2017. It is a Ransomware as a Service (RaaS). This means that any cybercriminals can modify it to create a customized ransomware. With its rebranding as DBGer, the ransomware has undergone a few changes according to ransomware removal experts.
How it Works?
The modus operandi of DBGer is to encode computer files including multimedia, databases and text documents through the use of Advanced Encryption Standard (AES). The algorithm encrypts these files and blocks any access from users to open and view them. According to ransomware removal experts, Mimikatz is then used to steal user’s login information.
Mimikatz is one of the most prominent changes in DBGer since its rebranding. Mimikatz is a password dumping utility. It dumps passwords and misuses login details to harm other devices. DBGer spreads through the use of a certain technology known as EternalBlue which spreads between computers systems by the distribution of malicious data. As this ransomware once corrupts a computer, various activities are performed by it.
After successfully corrupting the system, the attack provides a text document in the desktop that contains the details of the ransom. The ransom is usually a single Bitcoin in return of which they promise an encryption key that can help to decode the files and remove ransomware. The files that are encoded by the attacks are distinguished through an extension of “.dbger”. The duration given by attackers is three days to pay the ransom and failure to comply with it is threatened with the leak of data.
DBGer propagates through various distribution methods to its victims. A common mechanism is spam email campaigns with malicious attachments. Moreover, free software and files available on internet are also often corrupted with DBGer.
