The latest ransomware, DynA-Crypt, encrypts and steals your important data

A new ransomware named DynA-Crypt not only encrypts your data but also tries to steal a ton of information from a victim’s computer. DynA-Crypt is composed of numerous standalone executables and PowerShell scripts, and some of the actions they perform just do not make sense. This kind of malware is designed to encrypt files, steal information such as usernames and passwords, and delete files without backing them up.

The real problem with this ransomware is its information stealing: it records system sounds from your computer, takes screenshots of your desktop, logs the commands you type on the keyboard, and steals data from various installed software like Skype, Chrome, Firefox, Thunderbird, Minecraft, TeamSpeak and Steam. As it steals this data, it copies it into a folder named %LocalAppData%\dyna\loot\. When it is ready to send the data to the developer, it zips it all up into a file called %LocalAppData%\loot.zip and emails it to the developer. A major issue is that after it steals your data, for no apparent reason it also deletes many of the folders that it stole from.

DynA-Crypt is powered by a PowerShell script that uses a standalone program called AES to encrypt a victim’s data. This script scans a computer for files that match the following extensions and encrypts them.

.jpg, .jpeg, .mov, .mkv, .png, .odt, .avi, .pptx, .msg, .rar, .zip, .m4a, .csv, .docx, .doc, .xlsx, .xls, .ppt, .pdf, .mp4, .mp3, .pst, .mdb

When it encrypts a file, it appends the .crypt extension to the encrypted file’s name. That means a file named test.jpeg would be encrypted and renamed to test.jpeg.crypt. The ransomware also deletes the computer’s Shadow Volume Copies so that you are unable to use them to recover files.

When it is done encrypting a computer, DynA-Crypt displays a lock screen asking you to pay $50 USD in bitcoins to an enclosed bitcoin address. The good news is that this ransomware can be easily decrypted, so do not for any reason pay the ransom if you are infected with this program.
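
The on-disk artifacts described above (the %LocalAppData%\dyna\loot\ staging folder, %LocalAppData%\loot.zip, and targeted files renamed with .crypt) can be checked for when triaging a host or a mounted disk image. The Python code below is an added example, not part of the original article; the function names and the constructed demo tree are assumptions, and a match is an indicator to investigate rather than proof, since other malware also uses the .crypt extension.

```python
import os
import tempfile
from pathlib import Path

# Extensions the article lists as targeted for encryption.
TARGETED = {".jpg", ".jpeg", ".mov", ".mkv", ".png", ".odt", ".avi", ".pptx",
            ".msg", ".rar", ".zip", ".m4a", ".csv", ".docx", ".doc", ".xlsx",
            ".xls", ".ppt", ".pdf", ".mp4", ".mp3", ".pst", ".mdb"}


def is_renamed_target(name: str) -> bool:
    """True for names like test.jpeg.crypt: a targeted extension plus .crypt."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    return len(suffixes) >= 2 and suffixes[-1] == ".crypt" and suffixes[-2] in TARGETED


def triage(local_appdata, scan_root):
    """Collect the on-disk artifacts described in the article."""
    base = Path(local_appdata)
    hits = []
    for dirpath, _dirs, files in os.walk(scan_root):
        hits += [str(Path(dirpath) / f) for f in files if is_renamed_target(f)]
    return {
        "staging_dir": (base / "dyna" / "loot").is_dir(),  # %LocalAppData%\dyna\loot
        "loot_zip": (base / "loot.zip").is_file(),         # %LocalAppData%\loot.zip
        "crypt_files": sorted(hits),
    }


def demo():
    """Run the triage over a constructed directory tree (not real data)."""
    with tempfile.TemporaryDirectory() as tmp:
        appdata = Path(tmp) / "AppData" / "Local"
        docs = Path(tmp) / "Documents"
        (appdata / "dyna" / "loot").mkdir(parents=True)
        docs.mkdir()
        (appdata / "loot.zip").write_bytes(b"")
        for name in ("test.jpeg.crypt", "Report.DOCX.crypt",
                     "notes.txt.crypt", "photo.png"):
            (docs / name).write_bytes(b"")
        result = triage(appdata, docs)
        result["crypt_files"] = [Path(p).name for p in result["crypt_files"]]
        return result


if __name__ == "__main__":
    print(demo())
```

On a live Windows host, pass `os.environ["LOCALAPPDATA"]` as the first argument and the user profile or data volume as the second.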

 

 
