|Type||Ransomware, Ransomware Trojan|
|Short Description||DirtyDecrypt encrypts the victim’s files and asks for payment.|
|Symptoms||The user’s PC is locked and his files cannot be reached.|
|Distribution Method||Via exploit kits and visiting adult content websites.|
|Detection tool||Download SpyHunter, to See If Your System Has Been Affected By dirtydecrypt.exe|
A Trojan Ransomware called DirtyDecrypt, also known asTrojan.Ransomcrypt.D, Revoyem and dirtydecrypt.exe has been around since July 2013. According to new data, the ransomware has been recently revived. Due to its malicious character, many users refer to the threat as DirtyDecrypt virus but it is indeed a Ransomware Trojan. Various antivirus programs detect the threat under different aliases. Hence, its detection rate is quite high. Revoyem mainly targets computers located in Europe and the United States. However, there is no guarantee that the attacks won’t spread to other continents. After all, we have been witnessing an extensive and aggressive ‘ransomware revolution’, thanks to which many users and businesses have lost millions of dollars.
DirtyDecrypt, dirtydecrypt.exe Detection and Description
According to analysis by Symantec, the systems affected by DirtyDecrypt include:
- Windows 2000
- Windows 7
- Windows NT
- Windows Vista
- Windows XP
Once Revoyem is activated, it may copy itself to these locations:
- %ProgramFiles%\Adobe\[RANDOM CHARACTERS].exe
- %Temp%\[RANDOM CHARACTERS].exe
- %UserProfile%\Local Settings\Application Data\Identities\[RANDOM CHARACTERS].exe
Also, in most of the cases, DirtyDecrypt locks the computer and displays a ransomware image named “DIRTY ALERT.” The message may look like this:
As visible, the user’s image, video, MS Office and PDF files are encrypted and cannot be open. Typically, to have his files decrypted, the victim will be asked for payment. One of the following payment methods should be used:
However, we would like remind you that paying the ransom doesn’t mean that the files will be safely deciphered. The safest way to stay secure against file-encrypting threats is periodically backing up important files via cloud services or external memory devices.
DirtyDecrypt.exe Distribution, Encryption Process and Payload
Symantec has reported that the following types of files may be encrypted by Revoyem:
→7z, avi, doc, docm, docx, jpeg, jpg, mpeg, mpg, pdf, png, rar, rtf, wmv, xls, xlsm, xlsx, zip
According to security researchers, DirtyDecrypt is usually spread via porn websites. Security blogger Kafeine has unveiled that once at the porn site, the victim will be redirected to a Child Porn themed page with highly disturbing image content. Styx Exploit Kit is most likely used for the distribution process. Researchers at Enigma Software have called Styx a ‘dangerous Web based malware infection’ used to spread malicious threats. In the present case, Styx is employed to drop the DirtyDecrypt ransomware that locks the computer. A message informing the victim that they just have viewed illegal content even if they have been driven to it against their will may also be presented.
DirtyDecrypt.exe Removal Process, File Decryption and Prevention
As we always highlight, the safest ways to be protected against ransomware are:
- Sustaining and frequently updating a professional anti-malware program on the system.
- Periodically backing up important files via external memory devices or cloud services.
Also, here are easy step-by-step instructions to enable the Microsoft Windows Defense
feature to backup your files and have the ability to restore them immediately to an
earlier state before their encryption:
1) Download a particular anti-malware scanner and remove the dirtydecrypt.exe files from the computer.
2) Open Properties by right-clicking on My Computer
and then choosing it.
3) Open Advanced System Settings
4) Go to System Protection.
6) Click Configure and then click on Turn On System
7) Click OK and you are all set
After you have this protection switched on, if something happens to your data, you
may be able to restore them, using those steps:
1) Right-Click the encrypted file and then choose Properties.
2) Click the Previous Versions button.
3) At this point, you should see an earlier version of the file with a ‘last
4) Mark the file with the mouse and then choose the down-right button that says
If your files were previously encrypted, this software might leave some files, such
as registry values and others on your system. That is why recommendations are to
download a particular anti-malware program that will ensure your protection and
terminate any traces of the malicious software.
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter