Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Remove dirtydecrypt.exe a.k.a. Revoyem, Trojan.Ransomcrypt.D

Namedirtydecrypt.exe
TypeRansomware, Ransomware Trojan
Short DescriptionDirtyDecrypt encrypts the victim’s files and asks for payment.
SymptomsThe user’s PC is locked and his files cannot be reached.
Distribution MethodVia exploit kits and visiting adult content websites.
Detection toolDownload SpyHunter, to See If Your System Has Been Affected By dirtydecrypt.exe
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

A Trojan Ransomware called DirtyDecrypt, also known asTrojan.Ransomcrypt.D, Revoyem and dirtydecrypt.exe has been around since July 2013. According to new data, the ransomware has been recently revived. Due to its malicious character, many users refer to the threat as DirtyDecrypt virus but it is indeed a Ransomware Trojan. Various antivirus programs detect the threat under different aliases. Hence, its detection rate is quite high. Revoyem mainly targets computers located in Europe and the United States. However, there is no guarantee that the attacks won’t spread to other continents. After all, we have been witnessing an extensive and aggressive ‘ransomware revolution’, thanks to which many users and businesses have lost millions of dollars.

DirtyDecrypt, dirtydecrypt.exe Detection and Description

According to analysis by Symantec, the systems affected by DirtyDecrypt include:

  • Windows 2000
  • Windows 7
  • Windows NT
  • Windows Vista
  • Windows XP

Once Revoyem is activated, it may copy itself to these locations:

  • %ProgramFiles%\Adobe\[RANDOM CHARACTERS].exe
  • %Temp%\[RANDOM CHARACTERS].exe
  • %UserProfile%\Local Settings\Application Data\Identities\[RANDOM CHARACTERS].exe

Also, in most of the cases, DirtyDecrypt locks the computer and displays a ransomware image named “DIRTY ALERT.” The message may look like this:

dirty-alert

As visible, the user’s image, video, MS Office and PDF files are encrypted and cannot be open. Typically, to have his files decrypted, the victim will be asked for payment. One of the following payment methods should be used:

  • Ukash
  • PaySafeCard
  • MoneyPak

However, we would like remind you that paying the ransom doesn’t mean that the files will be safely deciphered. The safest way to stay secure against file-encrypting threats is periodically backing up important files via cloud services or external memory devices.

DirtyDecrypt.exe Distribution, Encryption Process and Payload

Symantec has reported that the following types of files may be encrypted by Revoyem:

→7z, avi, doc, docm, docx, jpeg, jpg, mpeg, mpg, pdf, png, rar, rtf, wmv, xls, xlsm, xlsx, zip

According to security researchers, DirtyDecrypt is usually spread via porn websites. Security blogger Kafeine has unveiled that once at the porn site, the victim will be redirected to a Child Porn themed page with highly disturbing image content. Styx Exploit Kit is most likely used for the distribution process. Researchers at Enigma Software have called Styx a ‘dangerous Web based malware infection’ used to spread malicious threats. In the present case, Styx is employed to drop the DirtyDecrypt ransomware that locks the computer. A message informing the victim that they just have viewed illegal content even if they have been driven to it against their will may also be presented.

DirtyDecrypt.exe Removal Process, File Decryption and Prevention

As we always highlight, the safest ways to be protected against ransomware are:

  • Sustaining and frequently updating a professional anti-malware program on the system.
  • Periodically backing up important files via external memory devices or cloud services.

Also, here are easy step-by-step instructions to enable the Microsoft Windows Defense

feature to backup your files and have the ability to restore them immediately to an

earlier state before their encryption:

1) Download a particular anti-malware scanner and remove the dirtydecrypt.exe files from the computer.

2) Open Properties by right-clicking on My Computer

and then choosing it.

properties (1)

3) Open Advanced System Settings

advanced-system-settings

4) Go to System Protection.

configure-protection-290x300
5) Mark the HDD partition on which you have necessary files, and you want to defend.

6) Click Configure and then click on Turn On System

Protection.

7) Click OK and you are all set

After you have this protection switched on, if something happens to your data, you

may be able to restore them, using those steps:

1) Right-Click the encrypted file and then choose Properties.

2) Click the Previous Versions button.

3) At this point, you should see an earlier version of the file with a ‘last

modified’ date.

4) Mark the file with the mouse and then choose the down-right button that says

Restore.

IMPORTANT:

If your files were previously encrypted, this software might leave some files, such

as registry values and others on your system. That is why recommendations are to

download a particular anti-malware program that will ensure your protection and

terminate any traces of the malicious software.

donload_now_250
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.