DynA-Crypt Ransomware | feat. Karsten from G Data | Summary and Q&A

11.1K views
February 16, 2017
by
The PC Security Channel

TL;DR

DynA-Crypt is a unique ransomware and spyware combination that steals data and encrypts files, presenting challenges for victims and security professionals.


Key Insights

  • VirusTotal and string analysis are valuable tools for identifying new ransomware and spyware threats.
  • The release of a malware creation toolkit suggests DynA-Crypt's widespread deployment.
  • Open-source ransomware enables individuals with limited expertise to enter the ransomware business, leading to an increase in threats.
  • DynA-Crypt is a unique combination of ransomware and spyware that steals data while encrypting files.
  • Removing DynA-Crypt may require bootable solutions or recovery consoles due to its restrictions on system access.
  • Paying the ransom may provide a chance to regain file access, but consulting security professionals is crucial for potential decryptor development.
  • Cybercriminals can provide better support than legitimate companies, highlighting the evolving sophistication of ransomware operations.
  • The continuous deletion of files by DynA-Crypt hinders the usability of infected systems and may point to a less optimized encryption algorithm.

Transcript

Hello and welcome to The PC Security Channel. Today we'll be taking a look at DynA-Crypt, which is both ransomware and spyware, and to discuss this with us is Karsten Hahn from G Data, who is a ransomware hunter. All right, you broke me off, so you get to complete your introduction. All right, yeah, I work at G Data and, um, I mainly work on ransom, but I also...

Questions & Answers

Q: How did Karsten Hahn come across DynA-Crypt?

Karsten discovered DynA-Crypt through string analysis on VirusTotal, using rules and keywords related to ransomware, such as Ransom and Bitcoin, to identify potential threats.
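
The kind of keyword-based string triage described in this answer, as an added example that is not from the video, G Data, or VirusTotal's own rule engine. The two keywords come from the answer above; the hit threshold, minimum string length, and both sample byte strings are assumptions constructed for illustration.

```python
import re

# Keywords named in the answer above; the threshold is an assumption of this example.
KEYWORDS = ("ransom", "bitcoin")
MIN_DISTINCT_HITS = 2  # require both themes before flagging, to cut false positives
MIN_LEN = 5            # shortest run of printable characters treated as a string

ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
# UTF-16LE: printable byte followed by NUL, the way Windows/.NET binaries store text.
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Constructed samples (not real malware): one wide-string note plus an ASCII string,
# and one benign blob that mentions only one keyword.
SAMPLE_WIDE = (b"\x00\x01MZ\x90"
               + "Your files are held for RANSOM".encode("utf-16-le")
               + b"\xff\xfe\x00"
               + b"Send 0.1 Bitcoin to the address below\x00")
SAMPLE_BENIGN = b"\x7fELF\x02\x01\x01\x00" + b"Bitcoin price ticker widget\x00\x01"


def extract_strings(data: bytes) -> list[str]:
    """Return printable ASCII and UTF-16LE strings found in a binary blob."""
    found = [m.group().decode("ascii") for m in ASCII_RE.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in UTF16_RE.finditer(data)]
    return found


def match_keywords(data: bytes) -> dict[str, list[str]]:
    """Map each keyword to the extracted strings containing it (case-insensitive)."""
    hits: dict[str, list[str]] = {}
    for s in extract_strings(data):
        low = s.lower()
        for kw in KEYWORDS:
            if kw in low:
                hits.setdefault(kw, []).append(s)
    return hits


def is_suspicious(data: bytes) -> bool:
    """Flag a sample for manual review when enough distinct keywords appear."""
    return len(match_keywords(data)) >= MIN_DISTINCT_HITS


if __name__ == "__main__":
    for name, blob in (("wide", SAMPLE_WIDE), ("benign", SAMPLE_BENIGN)):
        print(name, is_suspicious(blob), match_keywords(blob))
```

A hit only queues a sample for an analyst; scanning both encodings matters because an ASCII-only pass would miss the wide-character note in the first sample.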

Q: Can DynA-Crypt be decrypted?

While it's possible that DynA-Crypt can be decrypted, Karsten did not provide details to avoid giving hints to the ransomware authors. Decryptors are only developed if there are active victims.

Q: Is DynA-Crypt still in development or already in the wild?

DynA-Crypt is already in the wild, as it has been released on a hacking site along with a malware creation toolkit.

Q: What percentage of ransomware is created using toolkits?

It is difficult to determine the exact percentage, but the biggest players in the ransomware industry tend to create their own samples. However, there is a significant number of open-source ransomware created using toolkits or modified source code.

Q: What are the risks of open-source ransomware?

The availability of open-source ransomware enables individuals with limited technical knowledge and resources to enter the ransomware business, leading to an increase in the number of ransomware families and potential threats.

Q: Does DynA-Crypt spy on data while encrypting files?

Yes, DynA-Crypt is a unique combination of ransomware and spyware. While it is common for malware families to combine different features, DynA-Crypt specifically steals data while encrypting files, which is not commonly seen.

Q: How difficult is it to remove DynA-Crypt ransomware?

Removing DynA-Crypt ransomware may not be extremely difficult, but it can restrict access to various system functions and files. Bootable solutions or recovery consoles may be required to effectively remove it.

Q: Can victims pay the ransom and regain access to their files?

DynA-Crypt demands a relatively reasonable ransom of $50. While paying the ransom may offer a chance to regain access to files, it is crucial for victims to contact security professionals, like G Data, who may be able to develop a decryptor.

Summary & Key Takeaways

  • Karsten Hahn from G Data discovered DynA-Crypt ransomware through string analysis on VirusTotal and identified its use of PowerShell and data stealing capabilities.

  • DynA-Crypt is already being used in the wild, as evidenced by its release on a hacking site and the presence of a malware creation toolkit used to build it.

  • The ransomware/spyware combo encrypts files and steals data, including keylogging and possibly voice recordings, presenting significant challenges for victims and security professionals.
