Domino Ransomware – the AES-1024 Encrypted Virus?

A new virus by the name of Domino has surfaced on the web. The note of the ransomware claims that the virus uses the AES 1024 encryption. The virus encrypts the infected victim’s files and asks for ransom – 1 BTC or around $600. The ransomware uses the .domino extension.

How Does the Domino Ransomware Spread?

The new ransomware virus is likely to spread with the usual email spam containing malicious ZIP archives. If the archives are opened, they run a JavaScript, which will unleash the file on the victim PC. Emails are often made to look like they were sent from a respectable source, like a bank, a software corporation, or a service. Another virus, Locky uses DLL inside the ZIP files instead of an EXE.

The Ransomware Note – Domino’s Demands

The ransomware scammers are after 1 BTC, the usual amount for this type of scam. The note is written in very bad English. Whoever wrote it either very unfamiliar with the language or is faking ignorance. You can see the entire ransom note bellow:

Your file had been encrypted with AES 1024 bit key!!
How to decrypt your files:
1. Send me 1 bitcoin to: 1AkHpPZ18f3QAygdMV2W4R4QjkzYxDkNEA
2. After send bitcoin, send me your (computer name + user name + bitcoin address) to email [email protected] to get password!
3. Using your password to decrypt your files!
If you didn’t do this, your password to decrypt your file will be destroy after 72 hour.
Winter Is Coming!
How to buy bitcoin:
https://www.coinbase.com/buy-bitcoin?locale=en
https://localbitcoins.com/guides/how-to-buy-bitcoins
http://www.coindesk.com/information/how-can-i-buy-bitcoins/
(….Domino………….)

There are some other notable details. The note is written in first person, “Send me.” This could mean that there’s only one scammer behind the Domino ransomware, but it’s doubtful. The scammer’s claim that the virus uses an AES 1024 bit key is also very doubtful. It’s possible that the note boasts this encryption to hide the fact that the real key is 128 or 256. On top of all that the note also includes a reference to Game of Thrones. The ransom note also has a little text art donkey looking creature at the end, with a speech bubble attached. It’s possible that this is “Domino.”
The broken English and the wrong information in the note make the Domino virus look a bit low-rent, but it the threat of the ransomware shouldn’t be underestimated.
You Can See a Screenshot of the Ransom Note Bellow:

domino-ransomware-note-helloword-bestsecuritysearch

Domino Ransomware and Other Viruses

The ransomware game is heating up. 209 million dollars were made this year alone. New ransomware projects also pop up regularly, like the Shark ransomware project . Domino isn’t the only ransomware that includes references to hit TV shows. The Fsociety ransomware was inspired by the Anonymous-like group from Mr. Robot.
The AES 1024 encryption that Domino claims to use probably isn’t present in the virus. The most widely used encryption by successful ransomware viruses is the military grade AES – 256.

Was this content helpful?

Author : Alex Dimchev

Alex Dimchev is a beat writer for Best Security Search. When he's not busy researching cyber-security matters, he enjoys sports and writing about himself in third person.


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *