- Slow Computer
- System crashes
- Connects to the internet without permission
- Installs itself without permissions
- Can't be uninstalled via Control Panel
We want to inform you about a newly found ransomware-type computer infection called Dangerous Ransomware. We have found that it can encrypt your personal files and for this reason alone you have to remove it. Its developers might want you to purchase a decryption key, but from what we have observed it seems that the current build is a test version because it does not drop a ransom note and our analysis of this ransomware has shown that it contains only a fake email address that you are not shown if your PC were to become infected with this ransomware. If you want to find out more about this application, please continue reading this short description.
Most ransomware consist of one small executable file that can be distributed in many ways. It is all down to the imagination and capabilities of the developers. In this particular case, Dangerous Ransomware is known to be distributed through malicious emails that we think are sent from a dedicated email server. The information we have received suggests that the emails feature a zipped folder that features this ransomware’s executable that might be named DANGEROUS_RANSOMW.exe, but it is likely that the file can be renamed because the would-be victim can become suspicious and not open the file. Nevertheless, it is also possible that the zipped file archive can feature a .vbs file that runs a malicious script when opened and downloads this ransomware’s executable onto the computer. This ransomware can be dropped on %UserProfile%, %UserProfile%\AppData\Roaming, %AppData%, %LocalAppData% or %Temp% folder. This particular program is similar to Cerber Ransomware, but there is no indication that both of them were created by the same developers.
If Dangerous Ransomware were to infect your computer, then it would scan it for files of interest and start encrypting them. For example, it can encrypt MS Office documents, OpenOffice, PDF, text files, databases, photos, music, video, image files, archives, and so on. We think that it should use an advanced AES or RSA encryption algorithm and generate unique private and public keys. The public key is used to encrypt the files and the private key is used to decrypt the files. However, the problem is that the private key is sent to the command and control server and stored until you play the ransom, or so it should be. However, since this ransomware is still in development, it does not provide you with the opportunity to buy the decryption key. The analysis of the source code has revealed that it features the email address email@example.com which, from the looks of it, was included for laughs because the current build features. Once it has finished encrypting your files it should drop a ransom note called “troll.txt” on the desktop, but that is not always the case, mind you.
We do not know the contents of “troll.txt” because it might just be an empty file due to the fact that this ransomware is still in development. However, if it were to contain information, then we assume that it should provide you with information such as the email address of the criminals, the Bitcoin wallet address because that is the most popular payment method that cannot be traced back to the developers, and the sum to be paid, in addition to other information.
In closing, Dangerous Ransomware is still in development, but is still a dangerous computer infection that can encrypt your files and there is no way of knowing whether you will be able to decrypt them. At present, there is no free decryption tool, but paying the ransom is also not an option because the cyber criminals might not give you the decryption key. Therefore, we recommend that you remove it from your PC using our guide or an antimalware program such as SpyHunter which makes light work of this particular infection.