A ransomware builder kit, called DH File Locker with a lots of settings, obfuscation and many features has been released on the deep web and surfaced on multiple web forums. The virus aims to provide full access to even inexperienced cyber-criminals on how to create their own version of this ransomware infection. This is a strong indication that infections by variants of DH File Locker will begin to surface online. We have decided to download the ransomware builder and run it to test it’s capabilities and show what aspects of this virus should you beware of and how to protect yourself from it.
DH File Locker
|Type||Ransomware Builder / Ransomware Family|
|Short Description||The malware locks victims files adding a custom unlock password. Has avoiding and anti techniques.|
|Symptoms||Custom file extension and ransom note are added, depending on what the cyber-criminal configures it to do.|
See If Your System Has Been Affected by DH File Locker
Malware Removal Tool
|User Experience||Join our forum to Discuss DH File Locker.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
DH File Locker – Technical Insight
The aim of the DH File Locker ransomware is to lock potential victims out of their files and to perform this, the virus also has an extra within it. It generates random passwords for each file that is blocked by it to make decoding of the files significantly more difficult.
When the ransomware builder kit is download, it is contained in a .RAR archive in which are the virus’s program files:
The main interface of this ransomware is well-designed and has very easy access to all features of this virus, making it user-friendly for any cyber-crook wannabe.
The virus comes with a per-embedded message which can be changed for the victim to see. This message is also known as a ransom note and it may contain different ransom instructions for the victim to see, like a payment “request” for different BitCoin amount to an anonymous BTC wallet.
As visible from the screenshot below, the configuration also includes a folder in which the infected files are hidden and a unique unlock password which is the only one that can unlock your files. In addition to this, DH File Locker can also be configured to run on system startup and hide the locked files as well.
Another interesting function of this ransomware builder is called UAC Tricky which aims to perform different evasion techniques of the User Account Control:
The functions of it can be either switched on or switched off in terms of how it responds when the UAC is off.
Another DH File Locker “function” is to allow it’s creator to choose where the malicious files of the virus will be extracted:
The virus also has a feature, known as FilePumper, aslo associated with the encryption procedure of the files. Furthemore, DH File Locker has multiple other functions, like Extension Spoofer or a function that allows for a custom file extension to be added to the locked files and in addition to it, the virus can also change their icon with a custom one, to further scare the victim.
But this is not all when it comes to DH File Locker. The malware also comes packed with a kit that allows it to run obfuscation against different programs that may allow it’s research. The programs it can fool are:
- Virtual PC software.
- Virtual Box drives.
In addition to this extra, DH File Locker can also directly disable different Windows services too. The services it can shut down by force are:
- UAC (User Account Control).
- Windows Firewall.
- Windows Command Prompt.
- Windows Run Window.
- Windows Task Manager.
- System Configuration service.
- Windows Registry Editor.
- Windows Update Service.
DH File Locker – Conclusion and How To Protect Yourself
Since this virus is still out in the wild and may be re-modified and reused in many different versions, we advise you to take multiple measures in order to protect yourself from it. Here are some of the advices which we would definitely recommend you follow.
Download anti-malware software which will decrease infection possibility.
Learn how to protect yourself from malicious e-mail attachments and web links, by watching the following video.
Learn how to safely store your files by visiting our educational material with different methods to backup in a safe manner.
What If My PC Has Already Been Infected?
In case you were infected by the DH File Locker ransomware, the first thing you should do is to focus on backing up the encrypted files. Then we advise you to follow our removal instructions below. They are carefully designed to help you remove DH File Locker’s malicious files from your computer. In case you do not have the experience in malware removal, experts always recommend using an advanced anti-malware program that will take care of this virus automatically.
If your files have already be locked by DH File Locker, do not despair, because we have suggested several alternative methods below that can help you recover a big chunk of the files if you are in luck, until malware researchers come up with a decryptor.
Manually delete DH File Locker from your computer
Note! Substantial notification about the DH File Locker threat: Manual removal of DH File Locker requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.