Cyber Security Center

DogeCrypt ransomware removal


DogeCrypt ransomware is file encrypting malware, a new variant of DesuCrypt ransomware. It encrypts files and adds the [dogeremembersss@protonmail.ch].DogeCrypt file extension to all affected files. Also drops note.txt ransom note.

 

DogeCrypt ransomwareDogeCrypt ransomware encrypts files and demands a payment in return for decrypting them. It’s a dangerous piece of malware because once it encrypts files, it’s not always possible to recover them. Once files are encrypted, they become unopenable until they’re decrypted. To decrypt them, it’s necessary to use a special decryption tool. Cyber crooks behind this ransomware will try to sell victims this decryptor, though the price is not specified in the note.txt ransom note dropped by the malware. Without that decryptor, it’s currently impossible to decrypt files.

Malware researchers, anti-virus vendors and organizations fighting cyber crime do release decryptors for various ransomware to help victims, but it’s not always possible for every ransomware. But for users with no options, waiting for a free decryptor may be the only chance to recover files. They should back up encrypted files and wait for a free decryptor to be released. However, users should be very careful about downloading decryptors from the Internet as there are many fake, even malicious ones out there. NoMoreRansom and Emsisoft, as well as other anti-virus vendors are safe sources for decryptors.

Currently, the only way to recover files for free is via backup. If users backed up their files prior to infection, they can access backup as soon as they delete DogeCrypt ransomware from their computers. However, the malware needs to be fully removed because otherwise, backed up files may become encrypted as well.

Ransomware distribution

It’s not uncommon for users to pick up ransomware via spam email attachments, torrents, software cracks, fake updates, ads, etc. Overall, users who have bad browsing habits often end up infecting their computers with malware. Developing better habits could go a long way towards helping users avoid malware.

Spam emails are often used to distribute malware. Cyber criminals obtain email addresses from hacking forums and then use them to launch spam email campaigns. Those emails carry malware in attachments, and users end up infecting their computers when users open those files. But in most cases, it’s not difficult to avoid ransomware emails. They’re quite obvious, provided you know what to look for. The first sign is the sender’s email address. If it’s nonsense or completely random, it’s likely not a legitimate email and users should not open the attachment. Another sign is grammar and spelling mistakes. For some reason, spam and malicious emails are always full of them. But the best way to find out whether an email attachment is malicious is scanning it with anti-virus software or VirusTotal.

It’s also possible to infect a device with ransomware by downloading torrents and software cracks. Torrent sites and forums for pirated content are not regulated, and that allows cyber criminals to upload malware disguised as popular content, such as movies, TV shows, games, software, etc.

What does DogeCrypt ransomware do?

As soon as the ransomware initiates, it will start encrypting files. Like all ransomware, it targets photos, images, videos, documents, etc. All affected files will have .[dogeremembersss@protonmail.ch].DogeCrypt added to them, which is how users will be able to know which ransomware in particular has infected them. Files with that extension will not be openable, unless they are decrypted first. A ransom note note.txt will be dropped once files are encrypted. The note explains that files are not damaged, merely modified, and to recover them users should email dogeremembersss@protonmail.ch or omnisystems@airmail.cc. The price is not mentioned in the note, though it will likely be somewhere between $100 and $1000, as that usually is the price range.

Here is the DogeCrypt ransom note:

WARNING!
Your files were encrypted by DogeCrypt.

The files are not damaged or destroyed! They’re only modified
If you want to reverse the modification conatact us:
dogeremembersss@protonmail.ch
or
omnisystems@airmail.cc

But paying the ransom is not recommended. Users should keep in mind that it’s cyber criminals they are dealing with, and there is nothing stopping them from simply taking the money and not sending a decryptor. This has happened to many victims, who were left with encrypted files and stolen money.

Unfortunately, because there is no free decryptor available, backup is the only way to recover files.

DogeCrypt ransomware removal

Anti-malware software should be used to delete DogeCrypt ransomware from the computer. Manual DogeCrypt ransomware removal may cause even more damage, thus users should use anti-malware software. Once the malware is no longer present, users can access their backup to start file recovery.

DogeCrypt ransomware is detected as:

  • HEUR:Trojan.Win32.Generic by Kaspersky
  • Ransom.DesuCrypt by Malwarebytes
  • Ransom:Win32/InsaneCrypt.A by Microsoft
  • ML.Attribute.HighConfidence by Symant
  • FileRepMalware by AVG