
Remove DummyEncrypter Virus and Restore Your Files


DummyEncrypter is a ransomware virus. Its payload is hidden in an executable file that pretends to be the installer of CCleaner, using its icon, name and other details to look believable and trick users and their AV software. After the malicious script is executed, your files will become encrypted and a screen locker will pop up containing the ransom payment instructions. To see how to remove the virus and how you can try to restore your encrypted files, read the article in full.

Threat Summary

Name: DummyEncrypter
Type: Ransomware, Cryptovirus
Short Description: The virus will encrypt your files and demand a ransom as payment for their decryption.
Symptoms: The ransomware cleverly pretends to be CCleaner, but if executed, you will get your files encrypted and see a ransom note presenting the DummyEncrypter’s demands.
Distribution Method: Spam Emails, Email Attachments, Executables
Detection Tool: See If Your System Has Been Affected by DummyEncrypter (Malware Removal Tool)
User Experience: Join Our Forum to Discuss DummyEncrypter.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

DummyEncrypter Virus – Infection

The DummyEncrypter ransomware could enter your computer through different tactics. The sneakiest of them is placing its malicious payload in an executable that looks like the CCleaner one. The .exe file takes the icon of the cleaning tool, as well as some signatures and description names, so that you could mistake it for the installation setup of the famous registry cleaner by Piriform. You can view the detection rate and the signatures of the payload executable on the VirusTotal site:

[Image: VirusTotal detections and signatures of the DummyEncrypter payload executable]

The DummyEncrypter virus may be spreading its malicious payload in other ways as well. One of them can be spam emails. Spam mail usually has an attachment, and that attachment hides a malicious script that will infect your computer system when executed. Social media and file-sharing websites could distribute such files, too. Try not to open files from suspicious sources like emails and links until you have at least scanned them with a security program and checked their size and signature. You should also read the ransomware prevention tips in the thread open in the forum section.

DummyEncrypter Virus – In Detail

DummyEncrypter is a ransomware virus that was recently found by the malware researcher Karsten Hahn from G Data. One interesting fact about the virus is that it pretends to be the cleaning tool CCleaner by Piriform. The virus makes its payload file look exactly like the setup for the cleaning program, so it’s advised to download any software only from its official website.

In case you have opened the executable, you will see a Command Prompt window flash on your screen and then your files will become encrypted. Right after that, the ransom instructions will be displayed in a message. Once the encryption process is complete, the message will load on your desktop as a lock screen.

When the DummyEncrypter virus has executed its payload and infected your machine, it could also create multiple entries in the Windows Registry. That action is often performed by such ransomware viruses so that they can attain a higher level of persistence. Registry entries can make the malware launch automatically at every boot of the Windows operating system. Your data will then become encrypted, and you will witness the ransom note popping up on your desktop.

You can view the screen lock note in the image below:

[Image: DummyEncrypter ransom message lock screen]

The ransom message reads something along the lines of the following:

Warning: Your data has been encrypted!
Your personal data has been encrypted by a safe technology called AES-256 with US federal government trusted.
When you see this message, we has ENCRYPTED your data by a KEY generated randomly by your machine, and we uploaded this key to our server.
The only way to decrypt your file is use the KEY corresponding the YOUR FILE.
Once encrypt complete we destroyed keys on this machine and only keeps a feature of this machine.
The other parts of your computer is just safe now. Do not worry. We do not harm your computer. But some applications may lost data or texture and unable to start. Once you unencrypt you can use it normally again.
We has been encrypted your 0 files so far.
1) Copy these machine code on a piece of paper or file forever broken:
2) Access the software provider and follow the introductions.
1. Ask for your decrypt key
2. Use DummyUnlocker to restore.
I know, close this dialog | I can’t understand what you are saying

DummyEncrypter will not rush you as it does not give you a deadline for paying the ransom. However, it will try to trick you into thinking that the only way that you can restore your files is to pay for an unlocker tool. That is not true, and you should NOT in any way pay the cybercriminals – this will fund them to perform more criminal acts. Nobody can guarantee you that all of your files will become useable again upon payment. Furthermore, the criminals will probably keep improving their ransomware and could probably encrypt your files in the future.

The DummyEncrypter ransomware uses the AES 256-bit encryption algorithm, or so it claims. File types which are encrypted are documents, photos, database files, etc.

The DummyEncrypter virus very possibly deletes the Shadow Volume Copies from the Windows operating system using the following command:

vssadmin.exe delete shadows /all /Quiet
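For defenders, that command line is a practical detection signal in process-creation logs. The Python sketch below is an added example, not part of the original article or of any vendor tool; the event tuples, host names, file paths and verdict labels are constructed assumptions.

```python
import ntpath

# Constructed process-creation records: (host, parent image, command line).
# The shape loosely follows the command-line field of Windows event 4688 or
# Sysmon event 1. Hosts, paths and file names are made up for illustration.
SAMPLE_EVENTS = [
    ("WS-01", r"C:\Users\demo\Downloads\setup.exe",
     "vssadmin.exe delete shadows /all /Quiet"),
    ("WS-02", r"C:\Windows\System32\cmd.exe",
     r'cmd.exe /c "C:\Windows\System32\VSSADMIN.EXE Delete Shadows /All /Quiet"'),
    ("WS-03", r"C:\Windows\System32\cmd.exe",
     "vssadmin list shadows"),
    ("WS-04", r"C:\Windows\System32\cmd.exe",
     "vssadmin delete shadows /for=C: /oldest"),
    ("WS-05", r"C:\Windows\explorer.exe",
     r"notepad.exe C:\notes\vssadmin delete shadows.txt"),
]


def classify(cmdline):
    """Return 'critical', 'suspicious' or None for one command line."""
    # Drop quotes and case so wrapped or re-cased invocations still match.
    tokens = cmdline.replace('"', " ").lower().split()
    for i, tok in enumerate(tokens):
        if ntpath.basename(tok) not in ("vssadmin", "vssadmin.exe"):
            continue
        args = tokens[i + 1:]
        if "delete" in args and "shadows" in args:
            # /all plus /quiet wipes every restore point without a prompt,
            # which is the exact form quoted in the article.
            if "/all" in args and "/quiet" in args:
                return "critical"
            return "suspicious"
    return None


def scan(events):
    """Return (host, parent, verdict) for every event worth triaging."""
    hits = []
    for host, parent, cmdline in events:
        verdict = classify(cmdline)
        if verdict:
            hits.append((host, parent, verdict))
    return hits


if __name__ == "__main__":
    for host, parent, verdict in scan(SAMPLE_EVENTS):
        print(f"{verdict:10} {host}  parent={parent}")
```

Listing shadow copies (WS-03) and a document path that merely contains the words (WS-05) are not flagged; a targeted deletion without /all and /quiet (WS-04) is reported at the lower level for manual review.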

Read below for ways you might try to restore some of your files back to normal.

Remove DummyEncrypter and Restore Your Files

If your computer got infected with the DummyEncrypter ransomware virus, you should have some experience in removing malware. You should get rid of this ransomware as fast as possible before it can have the chance to spread further and infect more computers. You should remove the ransomware and follow the step-by-step instructions guide given below. To see ways that you can try to recover your data, see the step titled 2. Restore files encrypted by DummyEncrypter.

Manually delete DummyEncrypter from your computer

Note! Substantial notification about the DummyEncrypter threat: Manual removal of DummyEncrypter requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove DummyEncrypter files and objects
2. Find malicious files created by DummyEncrypter on your PC

Automatically remove DummyEncrypter by downloading an advanced anti-malware program

1. Remove DummyEncrypter with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by DummyEncrypter
Optional: Using Alternative Anti-Malware Tools

Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming for a more secure cyber space.
