Do you know what David Ransomware is?
Our researchers have discovered a new ransomware-type infection. It has been given the name David Ransomware because it marks the files it affects by appending a new extension, .david, to them. In addition, it leaves users a contact email address, email@example.com. By “affects files” we mean that this malicious application encrypts users’ files using the AES encryption algorithm once it successfully infiltrates their computers. In this sense, it does not differ from older ransomware infections or from its predecessor, Velso Ransomware. Cyber criminals use ransomware infections to obtain money from users, and it seems that they manage to get what they want in most cases because new ransomware infections are released every day. David Ransomware is not prevalent yet, but this might change soon, so you should not leave your system unprotected. If this infection has already slithered onto your computer and encrypted a bunch of your personal files, you cannot turn the clock back. In this case, you should hurry to delete it from your system so that it cannot encrypt new files you create. It does not start automatically on system startup like some more sophisticated ransomware infections, but you might launch it again yourself, and when you do, it will immediately search for new files to encrypt.
There are two symptoms showing that David Ransomware is the one responsible for locking files on your computer. First, the files you can no longer open have the .david extension. Second, a ransom note, get_my_files.txt, can be found in every folder containing encrypted files. If you open this file and read the message left there for you, you will find out how to unlock the encrypted files: you need special decryption software (“to decrypt your files you need to buy the special software”). Its price is unknown, but we are sure all your questions will be answered if you write an email to firstname.lastname@example.org. Of course, there is no point in contacting cyber criminals if you are sure that you are not going to purchase the decryptor from them. It should be emphasized that David Ransomware locks files in almost all directories, leaving only the Windows folder (%WINDIR%) unaffected, and the chances are high that you will lose all these files because free decryption software does not exist. Of course, we do not encourage you to purchase decryption software from cyber criminals because there are no guarantees that they will give it to you.
Ransomware infections are threats that slither onto users’ computers without their knowledge. Users find out about the intrusion only when they discover a ton of encrypted personal files on their systems. Our researchers who have tested David Ransomware say that it should be mainly spread via malicious spam emails. Many similar infections are distributed the same way, so you should stay away from all spam emails containing attachments. Do not open them even if they look harmless, because these malicious files are usually disguised as documents and do not look dangerous at all. It has also been observed that David Ransomware might infiltrate users’ computers if they use insecure RDP connections. If you have not encountered this infection yet, you can still prevent it from entering the system. Stay away from spam emails and make sure the RDP connection you use is safe. On top of that, you should enable security software on your computer so that it does not allow any harmful threats to enter your system.
You need to remove David Ransomware as soon as possible so that it cannot lock any new files you create. Since it is far from sophisticated malware, you should be able to remove it from the system quite easily. All you need to do is delete the malicious file you have launched recently, that is, the launcher of the ransomware infection. Then, delete the ransom note it has dropped from all affected directories. You should also scan your system with an antimalware scanner to make sure you do not leave any components of this threat on your system.
How to remove David Ransomware
- Open Windows Explorer (Win+E).
- Delete the malicious file launched recently (it should be located in %USERPROFILE%\Desktop, %USERPROFILE%\Downloads, or %TEMP%).
- Remove get_my_files.txt from all affected directories.
- Empty Trash.
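The steps above can be scripted when many directories are affected. The following PowerShell script is an added example, not from the original article or its researchers; it uses only the indicators the article names (the .david extension, get_my_files.txt, and the three launcher locations). The parameter names, the default scan root and the 7-day window are assumptions.

```powershell
param(
    [string[]]$Root = @($env:USERPROFILE),  # assumption: default scan root
    [int]$Days = 7,                         # assumption: "recently" = last 7 days
    [switch]$RemoveNotes                    # without this, deletion is only simulated
)

$noteName  = 'get_my_files.txt'             # ransom note name from the article
$lockedExt = '.david'                       # extension from the article
$winDir    = $env:WINDIR.TrimEnd('\') + '\'

# Walk the tree once, skipping %WINDIR%, which the article says is left unaffected.
$files = Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.FullName.StartsWith($winDir, [StringComparison]::OrdinalIgnoreCase) }

$locked = @($files | Where-Object { $_.Extension -ieq $lockedExt })
$notes  = @($files | Where-Object { $_.Name -ieq $noteName })

# Which directories were hit, worst first.
$locked | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize | Out-Host
'{0} encrypted file(s), {1} ransom note(s)' -f $locked.Count, $notes.Count

# Launcher candidates: recent files in the three locations from the removal steps,
# hashed so they can be checked with an antimalware scanner before deletion.
$dropDirs = @("$env:USERPROFILE\Desktop", "$env:USERPROFILE\Downloads", $env:TEMP)
$cutoff   = (Get-Date).AddDays(-$Days)
Get-ChildItem -LiteralPath $dropDirs -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -ge $cutoff -and
                   $_.Name -ine $noteName -and $_.Extension -ine $lockedExt } |
    Sort-Object CreationTime -Descending |
    Select-Object CreationTime, FullName,
        @{ Name = 'SHA256'
           Expression = { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash } } |
    Format-List | Out-Host

# Remove the ransom notes; runs as -WhatIf unless -RemoveNotes was passed.
$notes | Remove-Item -Force -WhatIf:(-not $RemoveNotes)
```

Run it once without -RemoveNotes to review what would be deleted. The script never touches the .david files themselves, and it only lists launcher candidates rather than deleting them.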
In non-techie terms:
David Ransomware is a serious malicious application you might encounter if your system is unprotected. It slithers onto computers with the intention of encrypting users’ personal files. Ransomware infections lock personal files on victims’ computers to help the cyber criminals behind them extract money from users. It goes without saying that paying a ransom to crooks is the worst thing users can do. Since there are no guarantees that you will get decryption software from cyber criminals, you should instead restore your files from a backup, if possible.