Damage ransomware was spotted at the end of February 2017. It appears to be file-encrypting ransomware that enters a victim's computer system using tricky methods, then runs a scanner that detects target file types and encrypts all of these files with a cryptographic algorithm. Such damage to data is very dangerous because files usually cannot be restored without a special decryption key, which the criminals send out to their secret servers.
The virus adds .damage file extension to encrypted files and creates a ransom note called firstname.lastname@example.org[random chars].txt. It seems to be one of the many ransomware viruses that provide an email address and invite the victim to get in touch with criminals via email.
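For scoping an incident, the `.damage` extension is a usable indicator. The following triage script is an added example, not part of the original write-up: it walks a directory tree, counts files carrying the extension per folder and per original file type, and reports the earliest modification time as a rough lower bound on when encryption started. It assumes the extension is appended to the original file name (for example `report.docx.damage`); the `triage` function name is hypothetical.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

MARKER = ".damage"  # extension named in the write-up above


def triage(root):
    """Walk root and summarise files that carry the .damage extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.lstat(path).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            hits.append((path, mtime))

    by_dir = Counter(os.path.dirname(p) for p, _ in hits)
    # Assumption: the marker is appended, so "report.docx.damage" was a .docx
    by_type = Counter(
        os.path.splitext(os.path.basename(p)[: -len(MARKER)])[1].lower() or "(none)"
        for p, _ in hits
    )
    earliest = min((m for _, m in hits), default=None)
    return {
        "count": len(hits),
        "by_dir": dict(by_dir),
        "by_type": dict(by_type),
        "earliest": earliest,
    }


if __name__ == "__main__":
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("encrypted files:", report["count"])
    if report["earliest"] is not None:
        ts = datetime.fromtimestamp(report["earliest"], tz=timezone.utc)
        print("earliest modification (UTC):", ts.isoformat())
    for folder, n in sorted(report["by_dir"].items(), key=lambda kv: -kv[1]):
        print(f"{n:6d}  {folder}")
    for ext, n in sorted(report["by_type"].items(), key=lambda kv: -kv[1]):
        print(f"{n:6d}  {ext}")
```

Run it against a read-only mount or a forensic copy of the affected volume so the scan itself does not alter timestamps that matter for the timeline.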
The infections are initiated mainly through direct hacking attempts. Damage ransomware attempts to intrude into target servers by using RDP (Remote Desktop Protocol) attacks and exploiting various weaknesses in an automated way.
The RDP intrusions are carried out by using an IP scanner to check whether the standard port 3389 is available and whether a service is open on it.
Other ways to distribute the malware include the following:
Email Spam Campaigns – The hackers use email spam messages to spread the viruses, either through hyperlinks or by attaching them directly to the messages. Recently the hackers have been using many different kinds of social engineering tactics.
Software Installers – Infected bundle installers are often used to spread dangerous viruses. They are often found on illegal download sites and BitTorrent trackers.
Malicious Redirects – All sorts of browser hijackers and malicious redirects are used to deliver virus executables to the victims.
To avoid such malware infections:
Follow better anti-spam measures – don’t download shady attachments
Don’t give your email to sites with pirated content
Never install suspicious ZIP or RAR files from spammed emails
Get an anti-malware tool, preferably one with a backup feature, like Max Total Security.