Dragnea Ransomware is a malicious program that infects a user’s system and locks their personal files with a powerful encryption. The ransom note of the Dragnea Ransomware is in Romanian. The ransom note shows the image of the leader of Social Democratic Party of Romania, Mr. Liviu Dragnea as shown below.
The GUI of the Jigsaw Ransomware is used by Dragnea Ransomware for its specific purposes. The Ransom Note specifies that the user’s files will be destroyed. It has a timer of 72 hours within the ransom note. This clock indicates the amount of time a user has to pay the ransom.
The ransom note looks unfinished when compared to other ransom notes. The ransom note fails to mention a BitCoin address or a contact mail to the hacker. Here is how the ransom note translates for English speaking users on Google translate:
The Dragnea Ransomware doesn’t encrypt the user’s files but it adds a .dragnea file extension to each of the files it targets. As an example, a FileABC.doc will be represented as FileABC.doc.dragnea.
The addition of the file extension to the file format leaves the related software unable to open the file. This detail is missed by users and they feel helpless when the ransom note is displayed to them.
The Dragnea Ransomware does not come with a file encryptor program and just has a code that adds the .dragnea file extension. As it fails to encrypt the files like other Ransomware, it cannot be determined whether Dragnea Ransomware makes changes to the system registry or windows processes in the background.
The Dragnea Ransomware ransom note has a button at the bottom which should provide the decryption key to the user upon clicking. When the user clicks this button only an error message is displayed and no decryption key is provided. Future versions of the Dragnea ransomware might have the full capabilities that a ransomware program has.
Dragnea ransomware uses various distribution techniques to spread from one system to another. Given below are its methods of distribution:
Spam email attachments – Spam email attachments can contain the virus payload dropper for the Dragnea ransomware. Once the user opens the attachments it can execute the malicious code to encrypt the system.
Malicious links – Malicious links can be sent to the user through various messages in the browser. These links inject the ransomware into the system when the user clicks on them.
Social media platforms – Social media platforms can be used to distribute the Dragnea ransomware to multiple people at once. Users should be careful about opening messages from unknown sources as these messages can be carrier of the virus payload.
File Sharing Services – Many file sharing services can provide a different link or replace the link with a different file to inject the Dragnea Ransomware into the system.
Name – Dragnea
Category – Malware, Ransomware
Targeted Operating System – Windows XP, Windows Vista, Windows 7, Windows 8.0/8.1, Windows 10
Symptoms – Displays a Ransom note which states that the user’s files will be destroyed, adds the file extension .dragnea to the files on the system.
Dragnea ransomware is still unfinished as it does not contain the details about the decrypting mechanism.
Removing Dragnea ransomware is an easy process and the users should not panic if their system is infected by this threat. The users can restore their files after the Dragnea ransomware is removed from the system using system backup.
The users should take immediate steps to get rid of this malicious program from their system.
Use the Drangnea Ransomware Removal Instructions mentioned below to get rid of this malicious program.
To restart the system to Safe Mode with Networking, if already switched ON then follow the below steps:
5 Click on the username and enter the password (if any).
Restart System using Safe mode with Command Prompt
Once the system starts, ensure to use an account with administrative privilege to access Safe Mode with Command Prompt.
After the user enters admin credentials, Command prompt window is displayed wherein you are entitled to enter the below commands:
Restore your system files and settings
Continue to follow steps 4 & 5 of Method 2 to restore the System Files and settings.
Subscribe to our newsletter today to receive updates on the Latest News and Threats.
The researchers at Virus Removal Guidelines are dedicated to track down the latest vulnerabilities which may infringe your system security. Our team of expert performs a detailed research about every malware infection before educating our users about the same.
Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.