Dragon Ransomware

What is Dragon Ransomware?

Although most file-encryptors act the same, it is important to identify the specific infections that attack you. Dragon Ransomware is the threat we are discussing in this report, and when it encrypts files, it adds the “.locked” extension to their names. This tells us nothing because this extension has been used by FORMA Ransomware, Locked Ransomware, Nog4yH4n Project Ransomware, and several other malicious threats. That being said, the threat introduces itself using the ransom note file, which you are likely to find created next to the encrypted documents, photos, videos, and so on. The name of this file is “#DECRYPT_MY_FILES#.txt,” and it was created to help attackers deliver their demands in a clear way. So, what happens after your files are encrypted? That depends on your actions completely, and we have a few tips that might help you navigate this situation. Please continue reading to learn how to delete Dragon Ransomware, how to save your files, and how to secure your operating system in the future.

How does Dragon Ransomware work?

Dragon Ransomware, according to the Anti-Spyware-101.com research team, is a variant of Aurora Ransomware, an infection whose removal was discussed a year before the new variant came up. Both infections share the same goal: their attackers want money. To make their demands, they need to invade operating systems first, and they could use spam emails, unreliable downloaders, vulnerabilities, and other infections to help the ransomware slither in. Once in, the infection receives an encryption key and starts corrupting personal files. They are corrupted by changing the data, which ensures that victims themselves cannot open the files. This is when the #DECRYPT_MY_FILES#.txt file is created, and it might be the most important part of the entire Dragon Ransomware infection. You should remove this file, but opening it is not dangerous. The message inside informs that files were encrypted using the RSA-2048 key, which cannot be cracked manually. It also informs that a tool called “Dragon Decryptor” is the only thing that can help decrypt files. Needless to say, this tool does not come for free. Instead, it costs 0.3 BTC, which, at the time of analysis, was around 2,800 USD.

There is not enough information in the Dragon Ransomware ransom note to make the payment, but the victims are asked to send a message to dragon-support@pm.me. Although that might seem like the only option for some victims, communicating with cybercriminals could be dangerous. In the best-case scenario, the attackers would send instructions to facilitate the ransom payment. In the worst-case scenario, they could send you files hiding malware that you would need to remove from your system later on. They could also sell your email address or share it with other malicious parties. Unfortunately, if files are encrypted, and if backups that could replace them do not exist, victims might be willing to take the risk. This risk is huge, especially since it is unlikely that a decryptor would be sent in the end. The good news is that a free Aurora decryptor exists, and it is likely that you will be able to restore the files corrupted by Dragon Ransomware using it too.

How to delete Dragon Ransomware

In conclusion, Dragon Ransomware was created to invade your system, encrypt your personal files, and introduce you to a text file that contains a message. The only reason this infection was created was so that vulnerable Windows users could be pushed into paying money for a tool that, allegedly, could restore files. The cost of this tool is high, and there is no guarantee that you would get it. More likely, you would not. Luckily, you do not need to take risks because a free decryptor exists already. Since that is not usually the case, creating backups of your personal files is extremely important. If you have copies stored outside the computer that holds the original files, you will not need to fear damage caused by malware, loss, theft, or technical hardware problems. Securing the system so that malware cannot attack in the first place is important too. We suggest installing anti-malware software now to have Dragon Ransomware removed automatically and the operating system secured.

Removal Guide

  1. Delete all copies of the ransom note file, #DECRYPT_MY_FILES#.txt.
  2. Delete the [random name].exe file that executed the infection. A few possible locations:
    • %TEMP%
    • %USERPROFILE%\Desktop
    • %USERPROFILE%\Downloads
  3. Empty Recycle Bin.
  4. Employ a reliable malware scanner to inspect your system for malware leftovers.
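
The manual steps above can be prepared with a read-only inventory. The following PowerShell script is an added example, not part of the original guide: it lists every copy of the ransom note, counts the ".locked" files, and shows .exe files in the three listed locations that were created shortly before the first note appeared. The $SearchRoot and $WindowHours parameters and the timing heuristic are assumptions made for this example.

```powershell
# Added example: read-only triage for the removal steps; nothing is deleted.
param(
    [string]$SearchRoot = $env:USERPROFILE,  # assumption: notes sit under the user profile
    [int]$WindowHours   = 24                 # assumption: launcher arrived within a day of the first note
)

$noteName = '#DECRYPT_MY_FILES#.txt'         # ransom note name given in the article

# Step 1: locate every copy of the ransom note.
$notes = @(Get-ChildItem -LiteralPath $SearchRoot -Filter $noteName -File -Recurse -Force -ErrorAction SilentlyContinue)
if ($notes.Count -eq 0) {
    Write-Output "No $noteName found under $SearchRoot"
    return
}

# The oldest note approximates when encryption started (heuristic, not a guarantee).
$firstNote = ($notes | Sort-Object CreationTime | Select-Object -First 1).CreationTime
Write-Output "Ransom notes found: $($notes.Count); earliest created $firstNote"
$notes | Select-Object FullName, CreationTime | Format-Table -AutoSize

# Count encrypted files; the exact-extension check avoids loose -Filter matches.
$locked = @(Get-ChildItem -LiteralPath $SearchRoot -Filter '*.locked' -File -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.locked' })
Write-Output "Files with the .locked extension: $($locked.Count)"

# Step 2: .exe files in the listed locations (top level only), created near the first note.
$locations = @($env:TEMP, (Join-Path $env:USERPROFILE 'Desktop'), (Join-Path $env:USERPROFILE 'Downloads'))
$from = $firstNote.AddHours(-$WindowHours)
$to   = $firstNote.AddHours(1)
$candidates = foreach ($dir in $locations) {
    if (Test-Path -LiteralPath $dir) {
        Get-ChildItem -LiteralPath $dir -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.CreationTime -ge $from -and $_.CreationTime -le $to }
    }
}

# Hash and signature status help decide which file is the random-named launcher.
$candidates | ForEach-Object {
    [pscustomobject]@{
        Path      = $_.FullName
        Created   = $_.CreationTime
        SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
    }
} | Format-Table -AutoSize -Wrap
```

Review the listed executables before deleting any of them, and leave the ".locked" files in place so that the free decryptor has something to work on.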
