Do you know what Dragon Ransomware is?
Personal photos, important documents, irreplaceable videos, and similar files are the prime targets of Dragon Ransomware, a malicious infection that encrypt files and then demands money from victims in return for a decryptor. No one knows if this decryptor exists at all, and that is the first reason we do not recommend trusting the cybercriminals’ promises. Even if they end up decrypting some of your personal files for free – which is what the attackers promise to do – you cannot just automatically assume that all files will be restored after you pay the ransom. So, what are you supposed to do? There is a possibility that you can have your files decrypted for free, and if you are able to take care of that, the only thing you should be concerned about is the removal of Dragon Ransomware.
It is hard to say how Dragon Ransomware got into your operating system. Perhaps you opened a spam email attachment that contained the infection’s launcher? Unfortunately, this is the method of malware distribution that is used frequently. The messages are misleading enough to seem believable, and the attached files might look like regular document files. If the attackers manage to get the infection in, the encryption is initiated right away. The files that are encrypted are also given an additional extension (“.locked”), which is meant to make it more obvious which ones were affected. Unique extensions are often attached when ransomware attacks, and the same can be said about the predecessor of Dragon Ransomware, which is Aurora Ransomware. This infection used to add the “.Aurora” extension. While it is easy to remove these extensions, restoring files is not.
Have you found a file named “#DECRYPT_MY_FILES#.txt?” This file should be created in locations that contain the encrypted files. The purpose of this file is to deliver a message, according to which, a tool named “Dragon Decryptor” must be purchased for the decryption of the files. The price of this tool is 0.3 BTC (~2,500-3,000 USD), and you can pay for it after you send a message to dragon-support@pm.me. If you do this, you are unlikely to receive a decryptor. That is because the attackers do not care to help you, and their end-goal is to grab your money. Once it’s in their pockets, they can move on. Dragon Ransomware is not the only infection of this kind, and our research team has analyzed many of them. Unfortunately, in most cases, once files are encrypted, they are as good as lost. This is not the case, however. Aurora Decryptor is a free tool that was created to help the victims of Aurora Ransomware. According to our information, the same tool should free the files corrupted by Dragon Ransomware too.
Deleting Dragon Ransomware manually might be problematic because we cannot know where the file of this infection was dropped. We also cannot know its name because it is likely to be unique. If you were tricked into executing this infection yourself, it is likely that you can find it on the Desktop, the Downloads folder, or in the %TEMP% directory. That being said, a different location is possible too. Of course, if you know where to find Dragon Ransomware, removing it should not be difficult because its malicious .exe file and the ransom note are the only components dropped. If you also take your operating system’s security into consideration, you might decide to employ anti-malware software. It will automatically erase the threat and continue guarding your system thereafter.
Remove Dragon Ransomware
- Tap Win+E keys to launch the Windows Explorer window.
- Enter the following paths into the quick access field one by one to check for malware:
- %TEMP%
- %USERPROFILE%\Desktop
- %USERPROFILE%\Downloads
- If you can detect Dragon Ransomware .exe file, Delete it.
- Find and Delete every single copy of the #DECRYPT_MY_FILES#.txt file
- Empty Recycle Bin and then run a full system scan using a trusted malware scanner.
In non-techie terms:
It is unknown who the creator of Dragon Ransomware is. It is also unknown what other infections they might be responsible for, or how successful they have been in scamming Windows users out of their money. We hope that you do not become one of the victims. Whether or not you have paid the ransom already, it is likely that your personal files are currently encrypted. Find the Aurora Decryptor that should help you resolve this issue for free. Then immediately delete Dragon Ransomware. If you are not able to do that manually, implement anti-malware software that will not have problems removing this threat automatically. Note that anti-malware software is not only good at the removal of more complex infections but also at the protection of your operating system. Remember that you will remain safe only if your system is protected, if you are cautious, and if your files have backups.