FANDOM


DirtyDecrypt is a ransomware that infiltrates systems and encrypts various file types (including .pdf, .doc, .jpeg, etc.).

Payload

During encryption, DirtyDecrypt embeds an image file into each encrypted file. Thus, when victims attempt to open an encrypted file, the image (which contains a ransom-demand message) is opened. Research shows that this ransomware can be distributed using spam emails (with malicious attachments) and other viruses that download ransomware. DirtyDecrypt infiltrates explorer.exe, svchost.exe and winlogon.exe - legitimate Windows processes.

The ransom-demand message informs victims of the encryption and encourages them to click CTRL+ALT+D to open the decryptor. Victims are then asked to pay a certain fee in exchange for a decryption tool. Developers of DirtyDecrypt demand payment using the Ukash, PaySafeCard, or MoneyPak payment method. 

File types targeted by DirtyDecrypt:

.7z, .avi, .doc, .docm, .docx, .jpeg, .jpg, 
.mpeg, .mpg, .pdf, .png, .rar, .rtf, .wmv, 
.xls, .xlsm, .xlsx, .zip
Community content is available under CC-BY-SA unless otherwise noted.