Japanese-speaking cyber crooks have again shown their interest in ransomware by releasing the Driedsister ransomware, one of the latest Japan-targeted infections, detected in February 2018. The Driedsister ransomware encrypts frequently used files, such as MS Office files, photos, archives, music and audio files, and many more, making them inaccessible. A typical ransomware threat would also display the attackers' demand for money, which is not the case with the Driedsister threat. Nevertheless, the malicious threat should be removed from the computer, and some measures should be taken so as not to fall victim to cyber crooks in the near future.
Upon file encryption, the threat adds the extension .干物妹！ to every file and displays a program window-like pop-up that would normally contain a ransom warning. Instead, the window contains worthless statements providing no relevant information on encryption or decryption. Malware researchers are not sure how to treat this threat, because it does not offer the victim any chance of restoring the encrypted data.
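The appended extension is the one reliable artifact the article describes, so the following Python script, added here as an example and not part of the original article or of any removal tool it mentions, walks a directory tree, lists the files that carry the .干物妹！ marker, recovers the name each file had before encryption, and counts affected files by original type for triage. The marker constant copies the extension as the article gives it (the trailing "！" is the full-width character U+FF01, which is easy to miss when typing a search manually); the sample directory it builds is constructed for the dry run and contains only placeholder bytes.

```python
import os
import tempfile

# Marker the article reports Driedsister appending to every encrypted file.
# Note the full-width "！" (U+FF01), not an ASCII "!".
DRIEDSISTER_MARKER = ".干物妹！"


def is_marked(filename: str, marker: str = DRIEDSISTER_MARKER) -> bool:
    """True if the file name carries the ransomware's appended extension."""
    # A name consisting only of the marker is not a renamed file.
    return filename.endswith(marker) and len(filename) > len(marker)


def original_name(filename: str, marker: str = DRIEDSISTER_MARKER) -> str:
    """Strip the appended marker to recover the name the file had before encryption."""
    return filename[: -len(marker)] if is_marked(filename, marker) else filename


def find_marked_files(root: str, marker: str = DRIEDSISTER_MARKER) -> list:
    """Walk `root` and return the sorted paths of files carrying the marker."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if is_marked(name, marker):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def summarize_by_type(paths: list, marker: str = DRIEDSISTER_MARKER) -> dict:
    """Count affected files by their original extension (e.g. '.docx') for triage."""
    counts = {}
    for path in paths:
        base = original_name(os.path.basename(path), marker)
        ext = os.path.splitext(base)[1].lower() or "(none)"
        counts[ext] = counts.get(ext, 0) + 1
    return counts


def build_sample_tree() -> str:
    """Create a constructed sample directory (not real victim data) for a dry run."""
    root = tempfile.mkdtemp(prefix="driedsister_demo_")
    sub = os.path.join(root, "Documents")
    os.makedirs(sub)
    for name in ("report.docx" + DRIEDSISTER_MARKER,
                 "photo.jpg" + DRIEDSISTER_MARKER,
                 "readme.txt"):
        with open(os.path.join(sub, name), "wb") as fh:
            fh.write(b"placeholder bytes")
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    affected = find_marked_files(demo_root)
    for path in affected:
        print(f"{path} -> originally {original_name(os.path.basename(path))}")
    print(summarize_by_type(affected))
```

Point `find_marked_files` at a user profile or a mapped share to get an inventory of what was touched before any cleanup; the per-type summary tells you at a glance whether the hit list matches the document, photo and archive types the article says the threat goes after. The script only reads names and never modifies or deletes anything, so it is safe to run before the encrypted files are preserved for later decryption attempts.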
The pop-up window displayed by the Driedsister threat contains a character from the Japanese manga series Himouto! Umaru-chan, so the infection is also dubbed Umaru.
A conventional file-encrypting threat drops one or several ransom notes, which are usually Notepad (.txt) files. A graphical user interface may also be used to give the victim instructions on how to make a payment. The victim is usually asked to purchase a certain amount of the Bitcoin currency and send the money to a given account. In many cases the victim is asked to contact the attacker by email to find out the ransom fee and the method of payment. The warning of the Driedsister ransomware lacks all these features, suggesting that the author is not interested in financial gain. Even if the author were, paying up is not advisable because no one can guarantee that the affected data would be restored. It seems that the Driedsister threat is a good laugh for its developers. Nevertheless, the infection should be removed from the PC straight away, and some additional actions should be taken to prevent similar incidents in the future.
Like many other threats, the Driedsister ransomware gets onto the computer unnoticed. The method of distribution of this threat has not been determined yet, but it is very likely that the threat is spread as a drive-by download or through deceptive emails, mainly phishing emails that are supposedly sent from a well-known company. If you use the RDP service, you should bear in mind that this remote access service can easily be exploited by cyber criminals to inject ransomware or any other threat into your system. To minimize the risk of losing your valuable data, you should make sure that the user name and password of your RDP account are complex enough that a brute-force RDP attack cannot break them.
It is also important to take good care of your files so that they can be easily restored in case of ill-purposed encryption. Valuable files should be regularly, or whenever possible, backed up to a remote device. Sometimes it is possible to decrypt files using third-party decryption tools, but there are many instances when files are damaged for good. Hence, backing up important files is essential.
On the whole, ransomware attacking Japanese-speaking computer users is nothing new: Japanese-speaking computer users have been hit by both the globally notorious threats and region-based threats, including ransomware threats named ONI and MBR-ONI. On June 5, 2017, Japanese authorities arrested a 14-year-old after tracking him down for spamming out home-grown ransomware, which was reportedly downloaded by some 100 people.
If your PC is affected by the Driedsister ransomware, take action to remove it from the computer and shield the system from upcoming cyber attacks, which are not necessarily related to ransomware. An unprotected system can easily be infected with a browser hijacker, adware, a data-stealing trojan, and many other threats. Below you will find simple guidelines that should help you remove the executable of the Driedsister ransomware. However, our advice is to rely on a reputable security tool so that you can have both the Driedsister ransomware removed and the system protected.