A ransomware virus believed to be part of the Mobef family of ransomware viruses has been reported to display a blue lock screen message in which it demands a hefty payoff in Bitcoin to restore the files it has encrypted. The virus also performs multiple other modifications on the infected computer, such as encrypting files with the RSA and AES encryption algorithms. If you have been infected by this ransomware virus, we strongly suggest you read the material below.
|Short Description||The ransomware encrypts files with the RSA algorithm and AES-128 ciphers and demands a ransom for decryption.|
|Symptoms||Files are encrypted and become inaccessible. A ransom note with instructions for paying the ransom shows as a .txt file.|
|Distribution Method||Spam Emails, Email Attachments, File Sharing Networks.|
DagaCrypt Ransomware – How Is It Spread
In order to infect users on a massive scale, the DagaCrypt ransomware virus may be spread via multiple different techniques, the main one being spammed e-mail messages which contain either malicious e-mail attachments or malicious web links uploaded online. Both may be accompanied by deceitful e-mails, like the ones below:
In addition to this, there are other methods by which one can become a victim of DagaCrypt ransomware. One of them is fake installers or programs uploaded to shady websites.
DagaCrypt Ransomware – Malicious Activity
As soon as infection has commenced, DagaCrypt may drop multiple different files on the infected computer. They may have the following names:
After these files are dropped on the infected computer, the ransomware may begin to interfere with the Windows Registry, meaning that it may modify values or add new strings within it. The usually targeted registry sub-key may be the following:
DagaCrypt Ransomware – Encryption Process
For the encryption process of DagaCrypt ransomware to be successful, the virus may use a combination of AES and RSA encryption algorithms, similar to other Mobef variants. DagaCrypt may be pre-configured to target the following Windows file types for encryption.
→ .3ds .4db .4dd .7z .7zip .accdb .accdt .aep .aes .ai .alk .arj .axx .bak .bpw .cdr .cer .crp .crt .csv .db .dbf .dbx .der .doc .docm .docx .dot .dotm .dotx .drc .dwfx .dwg .dwk .dxf .eml .enz .fdb .flk .flka .flkb .flkw .flwa .gdb .gho .gpg .gxk .hid .hid2 .idx .ifx .iso .k2p .kdb .kdbx .key .ksd .max .mdb .mdf .mpd .mpp .myo .nba .nbf .nsf .nv2 .odb .odp .ods .odt .ofx .ost .p12 .pdb .pdf .pfx .pgp .ppj .pps .ppsx .ppt .pptx .prproj .psd .pst .psw .qba .qbb .qbo .qbw .qfx .qif .rar .raw .rfp .rpt .rsa .rtf .saj .sdc .sdf .sef .sko .sql .sqlite .sxc .tar .tax .tbl .tc .tib .txt .wdb .xbrl .xls .xlsm .xlsx .xml .zip
After the encryption process is complete, the files can no longer be opened and DagaCrypt adds a custom image with its ransom note, which has the following content:
What happened to your files ?
All of your files were protected by a strong encryption.
For more specific instructions, please send us an Bitmessage
you can download here – https//bitmessage.org
on this address BM-NBZnSfSEioDnWmVBGGYiSsqijoBTfAhi
m WARNING m
PLEASE DON’T DELETE THIS FILE IF YOU WANT RECOVER YOUR FILES: C:\Windows\62348433.log
Remove DagaCrypt and Restore Files Encrypted by It
Before removing DagaCrypt from your computer, it is strongly advisable to back up the encrypted files. Then, we recommend that you follow the removal instructions below. In case manual removal is not an option, experts always advise using an advanced anti-malware program to automatically take care of DagaCrypt ransomware.
In case you want to restore files encrypted by this virus, we strongly suggest following the instructions in step “2. Restore files encrypted by DagaCrypt” below.
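To know which files to back up before removal, the targeted extension list above can drive an inventory of files that no longer look like their own format. The following Python script is an added example, not part of the original article or of any removal tool; the header table, the 7.5 bits-per-byte threshold and the function names are assumptions, and it presumes encrypted content looks random from the first bytes of the file.

```python
import math
import os
from collections import Counter

# Subset of the extensions targeted per the list above, mapped to the header a
# healthy file starts with (None = no fixed header, judged on entropy alone).
MAGIC = {
    ".pdf": b"%PDF", ".zip": b"PK", ".docx": b"PK", ".xlsx": b"PK",
    ".pptx": b"PK", ".7z": b"7z\xbc\xaf", ".rar": b"Rar!", ".rtf": b"{\\rtf",
    ".txt": None, ".csv": None, ".sql": None, ".xml": None,
}
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, not from the page


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: str, sample_size: int = 65536) -> bool:
    """True if a targeted file type no longer looks like its own format."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in MAGIC:
        return False
    with open(path, "rb") as fh:
        sample = fh.read(sample_size)
    if shannon_entropy(sample) < ENTROPY_THRESHOLD:
        return False  # structured or short content, not random-looking
    magic = MAGIC[ext]
    # Healthy archives and Office files are high-entropy too, so for those the
    # intact header is what separates them from ciphertext.
    return magic is None or not sample.startswith(magic)


def inventory(root: str) -> list:
    """Walk root and return sorted paths of files that look encrypted."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                if looks_encrypted(full):
                    hits.append(full)
            except OSError:
                continue  # unreadable or locked file: skip, keep walking
    return sorted(hits)
```

Call `inventory()` on a copy or read-only mount of the affected volume and back up the paths it returns. Files of only a few hundred bytes cannot reach the entropy threshold and are not reported.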