Dragon ransomware is identified as that in the ransom note #DECRYPT_MY_FILES#.txt that this malware drops in your folders. Dragon scans your files and edits them in such a way that they’re unopenable, marked with the “.locked” extension. The developers of Dragon demand a lot of money for unlocking the files, luckily, a free and independent solution exists, so you don’t need to worry about losing money to the criminals.
Dragon Ransomware quicklinks
- Can Dragon-locked files be restored?
- How to remove Dragon ransomware
- Automatic Malware removal tools
- Dragon’s ransom note text
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,
Ransomware is a dangerous threat that can cost a person their personal files or can paralyze a business for hours or even days by just making their data inaccessible. Thus, it would be useful to know how ransomware spreads and how to avoid it and how to remove it so that it doesn’t continue to encrypt your data.
Can Dragon-locked files be restored?
There are a lot of ransomware viruses that assign the “.locked” extension to the encrypted files, such as FilesLocker, AndreaGalli, JobCrypter, and others. Luckily, Dragon leaves its name in the ransom note. And while the ransom note looks just like the one for CryptoWall, Dragon is classified as Aurora. Aurora is a family of different infections with unique ransom notes and extensions, but security researchers peer inside these malicious executables and find out their genealogy.
Dragon and a lot of other ransomware viruses are file-lockers which use cryptography to break your files but also reverse the encryption if you have the decryption keys. If the encryption was implemented properly, the only way to reverse the damage that was done to the “.locked” files would be to pay the ransom to the criminals responsible for Dragon and hope that they send you a working decrypter. They ask for 0.3 Bitcoin, too — that’s a very high price, currently around $3000.
Luckily, Emsisoft and Demonslay335 have developed a decrypter for Aurora ransomware, which Dragon is a type of. After you have removed Dragon and other malware, you can use it on your files, you’ll just need an example of an unencrypted file next to an encrypted file. This link goes to Emsisoft’s page for downloading the decrypter and the user manual. Emsisoft is responsible for a lot of ransomware decrypters.
Each victim’s decryption key is unique, which is why the decrypter needs to find it on your computer. If you want to be very careful, you can first make copies of the encrypted files and keep the unedited originals. Then, in case anything goes wrong, you won’t have lost your opportunity to decrypt the Dragon-locked data.
How to remove Dragon ransomware
Dragon does need to be gone from your machine before you use it again, and you should find out how you got infected and plug those security holes. Repeat infections are common. If this isn’t the first instance of ransomware that you’ve experienced, that’s all the more reason to check your computer for vulnerabilities.
First, most competent antivirus tools, like Spyhunter, would be able to detect Dragon ransomware (VirusTotal report). So, scan your machine for malware and make sure that Dragon is gone from your computer.
Most importantly, make sure to keep backups of your files. That way, no virus is scary because you can always restore your computer to a healthy state without losing too much data.
Next, check how Dragon infected you so that you can avoid future viruses:
- If you are infected often but you didn’t do anything suspicious, it’s possible that Dragon is distributed using preinstalled trojans. A very strong scanner would be needed to find this, as well as a specific procedure to not allow the trojan to hide.
- If you got Dragon by downloading some program, just make sure to scan every file you download and try to stick to official sources.
- Dragon might have arrived on a message or email, either as an attachment, or a download link. Scan files before opening them and don’t trust strange messages that are urgent, vague, unrealistic, or which share files unnecessarily.
- A working Remote Desktop can be used to infect you if you don’t use a VPN, have a weak username and password, or haven’t installed your security updates.
- Speaking of updates, Dragon’s developers could use an Exploit Kit to infect people who use outdated software and accidentally (for example, through malicious ads) are directed to an infected website.
- Finally, some ransomware viruses can spread on the local network from just one infected computer, so if someone else is also suffering from Dragon, these infections might not even be your fault.
Automatic Malware removal tools
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,
Dragon’s ransom note text
Dragon Ransomware
############################What happened to your files?
All of your files were protected by a strong encryption with RSA-2048 using CryptoWall. More information about the encryption keys using RSA-2048 can be found here: en.wikipedia.org/wiki/RSA_(crypto system)#What does this mean?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them, it is the same thing as losing them forever, but with our help, you can restore them.#How did this happen?
Especially for you, on our server was generated the secret key pair RSA-2048 – public and private. All your files were encrypted with the public key, which has been transferred to your computer via the Internet. Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.#What do I do?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed. If you really value your data, then we suggest you do not waste valuable time searching for the solutions because they do not exist. Trying to reinstall the system and decrypting the file with a third-party tool will result in file corruption which means no one can decrypt your file(including us)!
If you still try to decrypt the file yourself, you do so at your own risk!#Test decryption!
As a proof, you can send 3 encrypted files and ID to test decrypt,and we will send you the decrypted files to prove that we can decrypt your files.
To decrypt all your files, you need to buy Dragon Decryptor.#How to buy Dragon Decryptor?
1.buy 0.3 bitcoin at https://localbitcoins.com
2.contact us by email to get a payment address
3.send bitcoin to our payment address
4.after payment,we will send you Dragon DecryptorEmail:
[email protected]
ID:…