Cyber threat analysts have discovered a new ransomware variant. It renames encrypted files and appends the .dbger extension to them. The ransomware targets computers running Microsoft Windows: it spreads through spam emails and by breaking into poorly protected SMB services, after which it is installed automatically.
The Dbger@protonmail.com ransomware is malware created to encrypt documents, photos and music. It hijacks a whole PC or its data and demands a ransom to unlock (decrypt) them. The makers of the Dbger@protonmail.com virus have a strong financial motive to infect as many computers as possible. Files with the following extensions are targeted for encryption:
.orf, .wb2, .tor, .xyp, .eps, .gho, .sis, .xls, .zdc, .yml, .xll, .yal, .mdf, .webp, .db0, .wma, .itdb, .wpe, .wpl, .lvl, .wpg, .xmind, .xlsx, .zabw, .zdb, .kf, .bkp, .sum, .sql, .wgz, .wbk, .erf, .vfs0, .cr2, .jpg, .fos, .pef, .wsh, .mlx, .svg, .z3d, .ibank, .tax, .xlgc, .y, .big, .wcf, .p7c, .raw, .indd, .epk, .odp, .bik, .srf, .wp, .pdf, .cfr, .hplg, .xbdoc, .sie, .pfx, .crt, .sidn, .fpk, .hvpl, .mcmeta, .ods, .docx, .wpd, .fsh, .sidd, .wpb, .xlsm, .x3d, .ntl, .dbf, .wm, .odm, .psk, .der, .wn, .menu, .xlsx, .wdp, .dazip, .esm, .wp7, .sb, .bc6, .xdb, .icxs, .xlsm, .m2, .flv, .hkx, .xxx, .jpe, .ptx, .asset, .x, .rwl, .mef, .dng, .wbc, .xf, .wsd, .7z, .wps, .ysp, .odb, .xlk, .csv, .slm, .wpt, .zi, .xml, .xyw, .wbm, .rtf, .wpw, .txt, .layout, .dxg, .ltx, .hkdb, .pdd, .arch00, .py, .p7b, .avi, .dmp, .m3u, .bc7, .iwi, .rb, .qic, .sav, .blob, .x3f, .wbd, .mddata, .wot, .w3x, .wpa, .lrf, .css, .kdb, .upk, .wmd, .wp4, .wmv, wallet, .zip, .cas, .pkpass, .vpp_pc, .doc, .webdoc, .wbz, .arw, .gdb, .zif, .wmf, .wmo, .wri, .forge, .odc, .vdf, .nrw, .ff, .mov, .das, .vpk, .rar, .m4a, .2bp, .xx, .pptx, .qdf, .xls, .kdc, .raf, .ncf, .3fr, .iwd, .d3dbsp, .bay, .xld, .wotreplay, .1st, .rofl, .wps, .3dm, .ztmp, .syncdb, .pptm, .rw2, .z, .xwp, .re4, .sr2, .accdb, .desc, .dcr, .r3d, .0, .wdb, .mrwref, .wire, .crw, .xbplate, .itl, .lbf, .wbmp, .xmmap, .zip, .ai, .odt, .p12, .cdr, .docm, .xpm, .wmv, .mp4, .bsa, .ybk, .xar, .pem, .t13, .dba, .bar, .itm, .wpd, .mpqge, .js, .1, .jpeg, .ppt, .pst, .snx, .sid, .wsc
Once a file is encrypted, its filename is changed to [firstname.lastname@example.org]OLDFILENAME.dbger. For example:
sample.doc -> [email@example.com]sample.doc.dbger
Next, the ransomware drops a file called ‘_How_to_decrypt_files.txt’. This file contains instructions on how to decrypt the encrypted personal files. One variant of the ransom instructions is shown below:
Some files have been encrypted
Please send ( 1 ) bitcoins to my wallet address
If you paid, send the machine code to my email
I will give you the key
If there is no payment within three days,
we will no longer support decryption
If you exceed the payment time, your data will be open to the public download
We support decrypting the test file.
Send three small than 3 MB files to the email address
BTC Wallet : *****
Your HardwareID: *****
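As an added example (not part of the original article and not any vendor's code), the following Python script uses the rename pattern and ransom note name described above to inventory affected files under a directory and recover their original names. The function names and the sample directory tree are assumptions made for illustration.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

# Rename pattern described above: [<contact e-mail>]<original name>.dbger
ENCRYPTED_RE = re.compile(r"^\[(?P<contact>[^\]]+)\](?P<original>.+)\.dbger$", re.I)
NOTE_NAME = "_how_to_decrypt_files.txt"  # ransom note name, compared case-insensitively


def parse_encrypted_name(filename):
    """Return (contact, original_name) for a renamed file, or None if no match."""
    m = ENCRYPTED_RE.match(filename)
    return (m.group("contact"), m.group("original")) if m else None


def inventory(root):
    """Walk root and classify ransom notes, renamed files and odd .dbger files."""
    report = {"encrypted": [], "notes": [], "unparsed": [], "by_ext": Counter()}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        name = path.name
        if name.strip().lower() == NOTE_NAME:
            report["notes"].append(path)
        elif (parsed := parse_encrypted_name(name)) is not None:
            report["encrypted"].append((path, parsed[1]))
            # Extension of the original file shows which data types were hit.
            report["by_ext"][Path(parsed[1]).suffix.lower()] += 1
        elif name.lower().endswith(".dbger"):
            # .dbger suffix without the bracketed prefix: keep for manual review.
            report["unparsed"].append(path)
    return report


def build_sample_tree(root):
    """Create a constructed directory tree (sample data, not from a real case)."""
    docs = Path(root) / "docs"
    docs.mkdir(parents=True)
    for name in ("[email@example.com]sample.doc.dbger", "[email@example.com]budget.xlsx.dbger",
                 "_How_to_decrypt_files.txt", "notes.txt", "orphan.dbger"):
        (docs / name).write_bytes(b"constructed sample")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = inventory(build_sample_tree(tmp))
        for path, original in result["encrypted"]:
            print(f"{path} -> original name: {original}")
        print("notes:", len(result["notes"]), "| by type:", dict(result["by_ext"]))
```

The per-extension counts show which kinds of data to look for first in backups, shadow copies or file-recovery output.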
We recommend removing the Dbger@protonmail.com virus as soon as possible, before its presence leads to even worse consequences. Follow the steps below to completely remove the Dbger@protonmail.com ransomware virus from your machine and to recover encrypted files, using only a few free tools.
- What is Dbger@protonmail.com virus
- How to decrypt .dbger files
- How to remove Dbger@protonmail.com ransomware virus
- How to restore .dbger files
- How to prevent your system from becoming infected by Dbger@protonmail.com ransomware virus?
- Finish words
How to decrypt .dbger files
The encryption algorithm is so strong that it is practically impossible to decrypt .dbger files without the actual encryption key. The bad news is that the only way to get your files back is to pay the developers of the Dbger@protonmail.com ransomware virus (1 Bitcoin) for a copy of the private (encryption) key.
With some variants of this ransomware virus, it is possible to use Windows Shadow Copies or file restore tools to recover files that have been encrypted by the Dbger@protonmail.com ransomware virus. So, you have a good chance of recovering encrypted personal files for free. The free tools for this are listed later in this post.
How to remove Dbger@protonmail.com ransomware virus
Manual removal does not always remove the Dbger@protonmail.com ransomware completely, as it is not easy to identify and remove all of the ransomware's components and malicious files from the hard disk. Therefore, it is recommended that you use a malicious software removal utility to completely remove the Dbger@protonmail.com virus from your computer. Several free malicious software removal tools are currently available that can be used against the ransomware virus. The optimum way would be to run Zemana Anti-malware, Malwarebytes Free and Kaspersky Virus Removal Tool.
Get rid of Dbger@protonmail.com virus with Zemana Anti-malware
We recommend using Zemana Anti-malware, which can completely clean your system of the ransomware virus. The tool is an advanced malicious software removal program designed by (c) Zemana lab. It can help you remove potentially unwanted applications, viruses, ‘ad supported’ software, malware, toolbars, ransomware and other security threats from your PC for free.
Visit the page linked below to download Zemana Anti-Malware. Save it on your Desktop.
Once the download is finished, close all programs and windows on your PC. Double-click the install file named Zemana.AntiMalware.Setup. If the “User Account Control” dialog box pops up as shown below, click the “Yes” button.
It will open the “Setup wizard” which will help you install Zemana on your personal computer. Follow the prompts and do not make any changes to default settings.
Once installation is finished successfully, Zemana will automatically start and you can see its main screen as displayed in the following example.
Now click the “Scan” button to search for the Dbger@protonmail.com ransomware virus and other kinds of potential threats like malicious software and PUPs. A system scan can take anywhere from 5 to 30 minutes, depending on your system. When malware, adware or potentially unwanted software is found, the count of security threats will change accordingly. Wait until the scan is complete.
After the scan is finished, the results are displayed in the scan report. Click the “Next” button. Zemana AntiMalware will delete the Dbger@protonmail.com virus and other security threats and add the items to the Quarantine. When that process is finished, you may be prompted to reboot the system.
Delete Dbger@protonmail.com with Malwarebytes
Getting rid of the Dbger@protonmail.com ransomware manually is difficult, and often the virus is not completely removed. Therefore, we recommend that you use Malwarebytes Free, which can completely clean your personal computer. Moreover, the free program will help you get rid of malware, potentially unwanted applications, toolbars and ad-supported software that your machine may also be infected with.
Installing MalwareBytes is simple. First you will need to download MalwareBytes Free on your MS Windows Desktop by clicking on the following link.
When the download is finished, close all windows on your computer. Then launch the file called mb3-setup. If the “User Account Control” dialog box pops up as displayed in the figure below, click the “Yes” button.
It will show the “Setup wizard”, which will help you set up MalwareBytes Anti-Malware on the PC system. Follow the prompts and don’t make any changes to default settings.
Once setup is finished successfully, click the Finish button. MalwareBytes will then launch automatically and you can see its main window as shown on the screen below.
Next, click the “Scan Now” button to start scanning your PC for files, folders and registry keys related to the Dbger@protonmail.com ransomware virus. While the MalwareBytes Anti Malware program is scanning, you can see how many objects it has identified as threats.
Once that process is done, you can review all threats detected on your PC system. When you are ready, press the “Quarantine Selected” button.
MalwareBytes Anti Malware (MBAM) will begin to remove the Dbger@protonmail.com ransomware and other kinds of potential threats like malware and potentially unwanted programs. Once the procedure is finished, you may be prompted to reboot your PC system. We recommend you look at the following video, which fully explains how to use MalwareBytes Anti Malware (MBAM) to delete hijackers, adware and other malicious software.
Scan your machine and get rid of Dbger@protonmail.com virus with KVRT
KVRT is a free removal tool that can scan your machine for a wide range of security threats such as the Dbger@protonmail.com ransomware, adware, potentially unwanted software and other malicious software. It will perform a deep scan of your computer, including hard drives and the Windows registry. Once malicious software is found, it will help you delete all found threats from your system with a simple click.
Download Kaspersky virus removal tool (KVRT) by clicking on the link below. Save it to your Desktop.
When the download is done, double-click on the KVRT icon. Once the initialization procedure is finished, you will see the Kaspersky virus removal tool screen as shown on the image below.
Click Change Parameters and tick the checkbox next to each of your drives. Press OK to close the Parameters window. Next press the Start scan button to begin checking your system for the Dbger@protonmail.com virus and other malicious software. A scan can take anywhere from 10 to 30 minutes, depending on the number of files on your computer and the speed of your personal computer. When a threat is detected, the count of security threats will change accordingly.
After the scan is finished, you will be shown the list of all detected items on your machine as displayed in the figure below.
When you’re ready, click on Continue to start a cleaning task.
How to restore .dbger files
In some cases, you can recover files encrypted by the Dbger@protonmail.com ransomware. Try both methods. It is important to understand that we cannot guarantee that you will be able to restore all encrypted photos, documents and music.
Recover .dbger encrypted files using Shadow Explorer
In some cases, you have a chance to restore your documents, photos and music which were encrypted by the Dbger@protonmail.com ransomware. This is possible with a tool named ShadowExplorer. It is a free program made to retrieve ‘shadow copies’ of files.
ShadowExplorer can be downloaded from the following link. Save it on your Desktop.
After the download is done, open the directory in which you saved it. Right-click ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next, open the ShadowExplorerPortable folder as displayed on the screen below.
Start the ShadowExplorer utility and then choose the disk (1) and the date (2) of the shadow copy from which you want to restore the file(s) encrypted by the Dbger@protonmail.com ransomware, as displayed in the figure below.
Now navigate to the file or folder that you want to restore. When ready, right-click on it and press the ‘Export’ button as shown in the following example.
Restore .dbger files with PhotoRec
Before a file is encrypted, the Dbger@protonmail.com ransomware virus makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to recover your photos, documents and music using file restore software such as PhotoRec.
Download PhotoRec from the link below. Save it to your Desktop.
After the download is done, open the directory in which you saved it. Right-click testdisk-7.0.win and choose Extract all. Follow the prompts. Next, open the testdisk-7.0 folder as displayed on the image below.
Double-click qphotorec_win to run PhotoRec for Microsoft Windows. It will display a screen like the one in the figure below.
Choose the drive to recover from, as shown below.
You will see a list of available partitions. Choose a partition that holds encrypted documents, photos and music as displayed on the screen below.
Click the File Formats button and specify the file types to restore. You can enable or disable the restore of certain file types. When this is complete, click the OK button.
Next, click the Browse button to select where recovered personal files should be written, then click Search.
The count of restored files is updated in real time. All recovered photos, documents and music are written to the folder that you chose in the previous step. You can access the files even if the recovery process is not finished.
When the recovery is finished, press the Quit button. Next, open the directory where the restored documents, photos and music are stored. You will see contents like those in the image below.
All restored photos, documents and music are written to recup_dir.1, recup_dir.2 … sub-directories. If you are looking for a specific file, you can sort your recovered files by extension and/or date/time.
How to prevent your system from becoming infected by Dbger@protonmail.com ransomware virus?
Most antivirus applications already have built-in protection against the ransomware virus. Therefore, if your machine does not have an antivirus application, make sure you install one. As extra protection, use CryptoPrevent.
Run CryptoPrevent to protect your PC from Dbger@protonmail.com ransomware virus
Download CryptoPrevent on your MS Windows Desktop by clicking on the following link.
Run it and follow the setup wizard. Once the install is done, you’ll be shown a window where you can select a level of protection, as shown on the screen below.
Now click the Apply button to activate the protection.
Now your computer should be free of the Dbger@protonmail.com virus. Uninstall MalwareBytes and KVRT. We suggest that you keep Zemana Anti-Malware (ZAM) to periodically scan your system for new malware. Moreover, to prevent ransomware infections, stay clear of unknown and third-party software, and make sure that the option to stop or scan for ransomware is turned on in your antivirus program.
If you need more help with Dbger@protonmail.com ransomware virus related issues, go here.