Test subject – DBGer ransomware
A new Satan variant was recently released with quite a few updates. It’s called DBGer, named after the extension it adds to the encrypted files.
Satan has been around for quite some time, and it is very popular among cybercriminals, mostly because of its Ransomware-as-a-Service (RaaS) portal, which makes it easy for anyone to distribute the malware for their own benefit. Earlier versions were pretty straightforward, classic ransomware strains if you will, but efficient. Targeting mostly home users, Satan spread across the globe, quickly becoming notorious.
DBGer ransomware test facts
The malware developers probably thought it was time for an upgrade, as the new variants make use of the infamous EternalBlue SMB exploit (the same one used by WannaCry), three other lesser-known exploits, and Mimikatz, an open-source password-dumping tool. All of this suggests that the new Satan versions are targeting corporate users, as these spreading, hacking, and brute-force techniques are useful only in bigger networks. Essentially, these are all automated tools for attacking other PCs in the network, infecting as many as possible and maximizing the chances for profit. DBGer should therefore not be taken lightly: a single infected machine is enough to infect most of the others in the same infrastructure.
Most ransomware attacks only a few file types; DBGer is less picky about file extensions. With DBGer, everything is encrypted, regardless of location, including files in the “ProgramData” and “Program Files” folders. Nothing is spared: shared network resources and other partitions are quickly compromised.
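As an added illustration (not TEMASOFT's code and not Ranstop's detection logic), the behaviour described above can be written as a heuristic over file-rename events: one process converging many unrelated file types onto a single new extension, in program folders as well as user data. The event format, the thresholds, and the lowercase `.dbger` suffix appended to the original file name are assumptions, and the sample events are constructed.

```python
import ntpath
from collections import Counter, defaultdict

# Folders the article says DBGer does not skip (lowercased for comparison).
PROTECTED = ("c:\\program files", "c:\\programdata")

def suspicious_writers(events, min_files=8, min_share=0.9):
    """Return {pid: new_extension} for processes that mass-rename files to one extension.

    events: iterable of (pid, old_path, new_path); a hypothetical format, e.g. from file-system auditing.
    """
    by_pid = defaultdict(list)
    for pid, old, new in events:
        by_pid[pid].append((old.lower(), new.lower()))
    flagged = {}
    for pid, renames in by_pid.items():
        new_exts = Counter(ntpath.splitext(new)[1] for _, new in renames)
        ext, hits = new_exts.most_common(1)[0]
        # Original file types that ended up under the dominant new extension.
        old_exts = {ntpath.splitext(old)[1] for old, new in renames if new.endswith(ext)}
        dirs = {ntpath.dirname(old) for old, _ in renames}
        hits_protected = any(d.startswith(PROTECTED) for d in dirs)
        if (len(renames) >= min_files and hits / len(renames) >= min_share
                and len(old_exts) >= 4   # many unrelated file types converge on one extension
                and hits_protected):     # program folders are touched, not only user data
            flagged[pid] = ext
    return flagged

def sample_events():
    """Constructed events: pid 4120 behaves as the article describes, pid 988 is a benign batch rename."""
    targets = [r"C:\Users\ana\Documents\budget.xlsx", r"C:\Users\ana\Pictures\site.jpg",
               r"C:\ProgramData\App\settings.xml", r"C:\Program Files\App\app.dll",
               r"C:\Program Files\App\readme.txt", r"D:\Backup\db.bak",
               r"\\fs01\share\plan.docx", r"C:\Users\ana\Documents\notes.pdf"]
    bad = [(4120, p, p + ".dbger") for p in targets]  # assumed suffix form
    good = [(988, r"C:\Users\ana\Pictures\img%d.png" % i,
             r"C:\Users\ana\Pictures\trip%d.png" % i) for i in range(10)]
    return bad + good

if __name__ == "__main__":
    for pid, ext in suspicious_writers(sample_events()).items():
        print(f"pid {pid}: mass rename to '{ext}' across user and program folders")
```

Because the check keys on the convergence pattern instead of a fixed extension, it does not depend on knowing the `.dbger` name in advance.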
Currently, there are no tools available to decrypt files attacked by DBGer.
DBGer ransomware test results
TEMASOFT Ranstop detects DBGer ransomware easily once it starts encrypting files. Upon detection, the user is alerted, and the ransomware process is killed and quarantined. The affected files are automatically recovered so that the user doesn’t lose her critical documents.
About TEMASOFT Ranstop
TEMASOFT Ranstop is anti-ransomware software that detects present and future ransomware with a high degree of accuracy, based on file access pattern analysis. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.