Dot Ransomware

What is Dot Ransomware?

According to our malware analysts, Dot Ransomware is a malicious application that can infect your computer by stealth and then encrypt your files. Once the encryption is complete, it will drop a ransom note that demands you to pay a ransom to decrypt your files. However, you should consider removing this ransomware instead because there is no guarantee that your files will be decrypted. Price is also a factor because in some cases paying the ransom is not affordable or the files are not worth the money. In this article, we will discuss how this ransomware works, where it comes from and how you can get rid of it safely.

Where does Dot Ransomware come from?

Our malware analysts have determined that Dot Ransomware is another name for Unlock26 Ransomware that is known to be distributed on a dedicated website. Apparently, Dot Ransomware is a Ransomware-as-a-Service-type program which means that its developers distribute allow other people to use it make money. The ransomware payments are split 50-50 between the developers and the cyber crooks that use it. The way in which this ransomware is distributed to infect the victim’s computers is unknown. However, researchers say that the criminals that get their hands on this ransomware’s builder can create a customized version and distribute it in whatever manner they want. They might send this ransomware via email or have infected websites download it on a PC when the user visits the site. Then again, cyber crooks might just bundle this ransomware with pirated software cracks or keygens so that the user would think that the anti-malware program detected a false positive and disable it.

What does Dot Ransomware do?

Dot Ransomware’s developers offer their “clients” a program named Ransomware Builder. This application enables cyber crooks to develop their own custom ransomware. The features that they can customize include the file extensions that Dot Ransomware can encrypt as well as the sum to be paid for the decryption. Interestingly, it also includes a separate list of countries that require their residents to pay more. So, for example, the sum to be paid is universal for all countries around the word but, let us say, people in the US, Canada, and Australia have to pay 0.2 BTC (238.57 USD) more than all other countries. The criminals can also select a full or partial encryption of the files. A partial encryption will result in the encryption of the first 4 MB of the files.

This ransomware was set to encrypt your files with an advanced encryption algorithm that creates a public encryption key and a private decryption key. The decryption key is sent to the command and control server and the only way to get it is to pay the ransom and get the decryption password. Once the encryption is complete, Dot Ransomware will drop HTML files named ReadMe-1RU.html, ReadMe-k7K.html that contain instructions on how to pay the ransom. %HOMEDRIVE%, %LOCALAPPDATA%, %APPDATA%, %PUBLIC%, %USERPROFILE%, and %ALLUSERSPROFILE% are the location in which the ransom notes are dropped.

How do I remove Dot Ransomware?

Researchers have concluded that Dot Ransomware is a highly malicious program that can encrypt your personal files and demand money for the decryption password. There is no guarantee that you will get the password once you have paid, so we suggest that you remove this program from your PC as soon as possible. You can use SpyHunter to detect the malicious and then go to its location to delete it manually.

Removal Guide

  1. Go to http://www.anti-spyware-101.com/download-sph
  2. Download Spy-Hunter-Installer.exe and run it.
  3. Run the installed application.
  4. Select Scan Computer Now!
  5. Press Win+E keys.
  6. Type the file path of the malicious file in the File Explorer’s address box and hit Enter.
  7. Right-click the malicious file and click Delete.
100% FREE spyware scan and
tested removal of Dot Ransomware*
Disclaimer
Disclaimer

Leave a Comment

Enter the numbers in the box to the right *