Test subject – Delphimorix ransomware
Delphimorix is a new ransomware that emerged at the end of last month. In the couple of weeks since, the authors have released a few new variants, changing the ransom note but little in the code itself. At first they demanded 101 Bitcoins to recover the files, but later variants raised this, reaching 999999.5 Bitcoins with the release of the “red” variant. This ridiculous amount is obviously a joke. The ransomware is not: it will destroy your important files if countermeasures are not deployed.
Delphimorix ransomware test facts
Once executed, it immediately starts encrypting. This is one of the slowest ransomware samples we’ve seen lately: it took more than 30 minutes to finish. This may be intended behavior, meant to avoid detection by some anti-malware solutions. The encrypted files are renamed, receiving a very long extension, “DeLpHiMoRiX!@@@@_@@_@_2018_@@@_@_@_@@@”. The ransom is quite a joke, of course, but an email address is provided to contact the cybercriminals. The email addresses changed with each released variant, as the older ones were shut down one by one.
Fortunately, cybersecurity experts have released free decryption tools, and most variants are now decryptable.
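The renamed files can be inventoried before running a decryptor or restoring from backup. The following is an added example, not part of the original test or of Ranstop: it walks a directory tree, lists files carrying the extension quoted above, recovers their original names and reports the span of their last-modified times. It assumes the extension is appended after a "." and that last-modified time approximates when each file was encrypted; the sample tree and timestamps are constructed.

```python
import os
import tempfile
from collections import Counter

# Marker string quoted in the write-up; the "." separator before it is an assumption.
MARKER = "DeLpHiMoRiX!@@@@_@@_@_2018_@@@_@_@_@@@"

def original_name(name):
    """Return the pre-encryption file name, or None if the name lacks the marker."""
    if not name.endswith(MARKER):
        return None
    stem = name[:-len(MARKER)]
    return stem[:-1] if stem.endswith(".") else stem

def triage(root):
    """Walk root and summarise the files that carry the marker extension."""
    hits, per_dir, untouched = [], Counter(), 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            orig = original_name(name)
            if orig is None:
                untouched += 1
                continue
            path = os.path.join(dirpath, name)
            # Assumption: mtime reflects the moment the content was rewritten.
            hits.append((os.stat(path).st_mtime, path, orig))
            per_dir[dirpath] += 1
    hits.sort()  # oldest modification first
    window = (hits[0][0], hits[-1][0]) if hits else None
    return {"hits": hits, "per_dir": per_dir, "untouched": untouched, "window": window}

def build_sample_tree(root):
    """Constructed sample: three renamed files spread over 30 minutes, one clean file."""
    base = 1_540_000_000  # arbitrary constructed timestamp
    os.makedirs(os.path.join(root, "docs"))
    layout = [("docs/report.docx." + MARKER, 0), ("docs/budget.xlsx." + MARKER, 900),
              ("photo.jpg." + MARKER, 1800), ("notes.txt", 0)]
    for rel, offset in layout:
        path = os.path.join(root, *rel.split("/"))
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.utime(path, (base + offset, base + offset))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(f"{len(result['hits'])} renamed, {result['untouched']} untouched")
        print(f"window: {(result['window'][1] - result['window'][0]) / 60:.0f} min")
```

A wide modification window matches the slow encryption described above and helps pick a backup or snapshot that predates the first affected file.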
Delphimorix ransomware test results
TEMASOFT Ranstop detects Delphimorix ransomware easily once it starts encrypting files. Upon detection, the user is alerted, and the ransomware process is blocked and quarantined. The affected files are automatically restored so that the user doesn’t lose her important documents.
About TEMASOFT Ranstop
TEMASOFT Ranstop is anti-ransomware software that detects present and future ransomware with a high degree of accuracy, based on file access pattern analysis. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.