- Slow Computer
- System crashes
- Connects to the internet without permission
- Installs itself without permissions
- Can't be uninstalled via Control Panel
In this article, we will discuss a ransomware-type program called Dot Ransomware. We have received information that its development started on 19 February 2017 and that it was frequently updated during the development process. Removing it is highly recommended because you cannot count on the cyber crooks to send you the decryption password. Furthermore, the cost of the password can be unjustifiably high if the files it has encrypted are not that important. Nevertheless, it is quite dangerous because if it manages to encrypt your files, then the only way to get them back is to comply with the cyber criminals’ demands. If your PC has been infected with this ransomware, then you might be interested in finding out more about it.
Dot Ransomware is distributed on a dedicated website that grants access to those that have a registered account. This ransomware is different from most because it is promoted as a Ransomware as a Service (RaaS). Ransomware as a Service means that its developers give other people the license to use it to infect computers and demand money. We have received information that says that the ransom money is split 50-50 between the developers and the users.
The people that get the license to use this ransomware have the freedom to distribute it any way they want to. So, for example, some of them might opt for distributing Dot Ransomware via email spam. If that is the case, then the emails might feature a malicious link that downloads this ransomware when clicked, or have the main executable disguised as a legitimate file attached to the email. The distributors can also use exploit kits to infect legitimate websites and turn them into distribution sites that can automatically download Dot Ransomware by stealth. These are just a few of the possible ways cyber criminals can distribute this infection.
Dot Ransomware has another unique feature that we want to elaborate on. The users that get the license to distribute it have to download two files: a builder named builder.exe and a core file. The user can use the builder to modify this ransomware’s default settings and also enter necessary information such as the Bitcoin wallet address to which the ransom payment is sent. Of course, the user has to enter the amount to be paid, but the amount the developers recommend is 0.1 BTC, which is 120.41 USD. Still, the criminals can ask for more if they want, and they can set up different amounts to pay for different countries. So they can ask for more money from victims in well-off countries and for less in poorer ones. Furthermore, the criminals can select the particular file extensions to encrypt and whether they want it to encrypt the files entirely or just the first 4 MB of them. Once the encryption is complete, this ransomware will drop two files named "ReadMe-1RU.html" and "ReadMe-k7K.html". These files serve as ransom notes that provide the victims with instructions on how to pay the ransom. Furthermore, this ransomware secretly runs the "vssadmin delete shadows /all /quiet" command in Command Prompt, which deletes all shadow copies of your files so that you cannot restore their previous versions.
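The two behaviours described above (the shadow copy deletion command and the dropped ransom notes) can be turned into a simple detection check. The following is an added example, not code from the original article or from any vendor; the event format, host names and paths are constructed for illustration, and only the command and the two note file names come from the text.

```python
import re
from collections import defaultdict

# Ransom note names reported in the article (compared case-insensitively).
NOTE_NAMES = {"readme-1ru.html", "readme-k7k.html"}
# vssadmin (optionally with a path and .exe) followed by "delete shadows".
VSS_DELETE = re.compile(r"(?:^|[\\/\s])vssadmin(?:\.exe)?\s+delete\s+shadows\b")

def normalize(cmdline):
    """Lower-case, drop quotes and cmd carets, collapse whitespace."""
    cleaned = re.sub(r'["^]', "", cmdline.lower())
    return " ".join(cleaned.split())

def is_shadow_delete(cmdline):
    return bool(VSS_DELETE.search(normalize(cmdline)))

def is_ransom_note(path):
    name = re.split(r"[\\/]", path)[-1].lower()
    return name in NOTE_NAMES

def triage(events):
    """Return {host: severity}; 'high' when both indicators appear on a host."""
    seen = defaultdict(set)
    for ev in events:
        if ev["type"] == "process" and is_shadow_delete(ev["cmdline"]):
            seen[ev["host"]].add("shadow_delete")
        elif ev["type"] == "file" and is_ransom_note(ev["path"]):
            seen[ev["host"]].add("ransom_note")
    return {h: "high" if len(tags) == 2 else "medium" for h, tags in seen.items()}

# Constructed sample events (hypothetical hosts, users and paths).
SAMPLE = [
    {"host": "ws-01", "type": "process",
     "cmdline": r'"C:\Windows\System32\vssadmin.exe"  Delete Shadows /All /Quiet'},
    {"host": "ws-01", "type": "file", "path": r"C:\Users\alice\Desktop\ReadMe-1RU.html"},
    {"host": "ws-02", "type": "process", "cmdline": "vssadmin list shadows"},
    {"host": "ws-03", "type": "process",
     "cmdline": "cmd.exe /c vssadmin delete shadows /all /quiet"},
    {"host": "ws-04", "type": "file", "path": r"C:\docs\readme.html"},
]

if __name__ == "__main__":
    for host, severity in sorted(triage(SAMPLE).items()):
        print(host, severity)
```

A host that shows only the vssadmin command is rated medium because administrators occasionally delete shadow copies for legitimate reasons; the combination with a ransom note is what raises it to high.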
In conclusion, Dot Ransomware is a sophisticated and highly dangerous computer infection. Given the fact that it was created by cyber criminals for cyber criminals, there is no guarantee that you will receive the decryption password once you pay. Furthermore, the amount asked might be too high because some crooks might be too greedy. So you should consider your options. We suggest that you remove this ransomware from your PC entirely, and if you want to do that safely and for free, we invite you to make use of our removal guide. The guide involves using SpyHunter, an anti-malware tool, to detect the malicious file so that you can go to its location and delete it manually.