
DataKeeper is ransomware that runs on Microsoft Windows. It is developed using the Microsoft .NET Framework and is provided as RaaS (Ransomware as a Service). This means that any aspiring cyber criminal can download the malware and distribute it to generate revenue.

Payload

Once files are encrypted, using them becomes impossible. After successfully encrypting data, DataKeeper creates an HTML file ("!!! ##### === ReadMe === ##### !!!.htm") and places it on the desktop wallpaper.

The new HTML file informs victims of the encryption and encourages them to pay a specific ransom in the Bitcoin cryptocurrency. Victims are then supposedly able to download a decryption tool. The malware encrypts files using AES, a symmetric encryption algorithm that uses an identical key to encrypt and decrypt files. Each victim receives a unique key; however, these keys are stored on a remote server, and victims are encouraged to pay ransoms for their release.

The cost cannot be confirmed, since distributors are able to set their own prices. Generally, cyber criminals demand $500-$1500. No matter how low or high the cost, never pay these people. Research shows that cyber criminals are very likely to ignore victims once payments are submitted: paying typically gives no positive result and users are scammed. The user is strongly advised to ignore all requests to pay any ransoms.

There are currently no tools capable of decrypting files compromised by DataKeeper, and the situation will probably remain unchanged. The only solution is to restore everything from a backup.
