
Dharma ransomware has been updated

Security experts have discovered that the Dharma ransomware family has grown. In August 2017, a new version of the ransomware was noticed spreading. It is known as the Cesar ransomware virus. The dangerous ransomware family therefore continues to threaten the virtual community.

The virus works similarly to its predecessor. However, it appends a different file extension and uses new email addresses for communicating with victims. This new version of Dharma still relies on social engineering tactics and spreads via malicious spam emails that include obfuscated attachments.

The features of Cezar ransomware

Cezar ransomware is also referred to as Cesar ransomware. During data encryption, it appends a file extension that includes the victim’s unique ID, a contact email address and the .cezar (or .cesar) file extension:

.[ID]-[contact email].cesar

The virus targets all popular file types, including MS Word, Excel and other documents, text files, various types of images, audio and video files. Just like the majority of ransomware-type viruses, it is designed to corrupt the most valuable data in order to increase the criminals’ chances of receiving the ransom.

After successful data encryption, the Cezar virus downloads a ransom note in a HELP.txt file. The message is short and clear. Victims have to contact the crooks and get data recovery instructions:

To decrypt files, write to my email [email protected]

However, following these instructions is not recommended. It’s clear that the criminals will ask for the ransom to be paid in Bitcoins. How much they want for data recovery is unknown. The size of the ransom is expected to vary based on the amount and importance of the encrypted data. However, crooks are not the ones that you should trust. So, in case of an attack, remove the ransomware from the PC with an antivirus tool.
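For triage after a suspected infection, the naming scheme and the HELP.txt note described above can be matched against a file listing. The following is an added example, not code from the original article; it assumes the square brackets in the pattern are placeholders (literal brackets are also accepted), and the function names and sample paths are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Naming scheme from the article: <original name>.[ID]-[contact email].cesar (or .cezar).
# Assumption: the square brackets are placeholders; literal brackets are accepted too.
LOCKED = re.compile(
    r"^(?P<orig>.+?)\.\[?(?P<id>[A-Za-z0-9]+)\]?-"
    r"\[?(?P<email>[^\s\[\]@]+@[^\s\[\]@]+?)\]?\.(?P<ext>ce[sz]ar)$",
    re.IGNORECASE,
)
NOTE_NAME = "help.txt"  # ransom note file name given in the article


def parse_locked_name(name):
    """Return original name, victim ID, contact email and extension, or None."""
    m = LOCKED.match(name)
    return m.groupdict() if m else None


def triage(paths):
    """Group renamed files by folder and flag folders that also hold the ransom note."""
    report = defaultdict(lambda: {"files": [], "ids": set(), "emails": set(), "note": False})
    note_folders = set()
    for p in map(PurePosixPath, paths):
        hit = parse_locked_name(p.name)
        if hit:
            entry = report[str(p.parent)]
            entry["files"].append(hit["orig"])
            entry["ids"].add(hit["id"])
            entry["emails"].add(hit["email"].lower())
        elif p.name.lower() == NOTE_NAME:
            note_folders.add(str(p.parent))
    # HELP.txt is a generic name, so it only counts next to renamed files.
    for folder in note_folders:
        if folder in report:
            report[folder]["note"] = True
    return dict(report)


# Constructed sample listing (not real indicators); on a host, feed paths from os.walk().
SAMPLE = [
    "/home/ann/docs/report.docx.A1B2C3D4-contact@example.invalid.cesar",
    "/home/ann/docs/budget.xlsx.[A1B2C3D4]-[contact@example.invalid].cezar",
    "/home/ann/docs/HELP.txt",
    "/home/ann/recipes/cesar_salad.txt",
    "/home/ann/recipes/HELP.txt",
]

if __name__ == "__main__":
    for folder, info in triage(SAMPLE).items():
        print(folder, info)
```

The recovered original names give a list of affected files to restore from backup, and the grouped IDs and contact addresses show whether one or several infections touched the same share.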

Protection from the ransomware

The original version of Cezar has been known since 2016. Researchers have updated the malware several times and currently use numerous file extensions to lock files. While some of the versions are decryptable, others are not. Unfortunately, victims of the recent version are unable to restore their files yet.

Therefore, the best way to avoid data loss is to back up your files. There are numerous ways to create and store copies of your files conveniently, so you should find the solution that suits your needs best.

As for other precautions, the number one tip is to avoid opening spam emails and especially their attachments. Always double-check the information about the sender before opening any content provided in the email.

Finally, do not download illegal content, and obtain a reputable antivirus. Then your chances of encountering Cezar or other crypto-malware are low.