Ransomware Report

Title: Analysis of Doydo, a ransomware that changes all file extensions to .doydo (Babuk family)
Registration date: 2022-12-22

[Doydo ransomware]

[Virus/malware activity reported: Doydo ransomware]

An intrusion believed to involve Doydo ransomware has occurred,
so we are confirming the situation and issuing the following warning.

Doydo ransomware

The ransomware in question is called Doydo, and it appears to rename all files to the form filename.extension.doydo.

How it works

File version


[Figure 1 File version]


[Figure 2 File properties]

Behavioral process

  • Deleting shadow copies

    After encryption, shadow copies are deleted to make recovery difficult.


    [Figure 3 Deleting shadow copies]

Infection results

A guide file (the ransom note) named Help Restore Your Files.txt is created in each folder, and once encryption has run, each file is renamed to <file name.extension.doydo>.


[Figure 4 Infection result 1]


[Figure 5 Infection result 2]
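
As an added example (not part of the original report and not Everyzone code), the following Python script scopes an infection by walking a directory tree for the two artifacts described above: the Help Restore Your Files.txt note and files carrying the appended .doydo extension. The function names, the case-insensitive matching and the sample tree it builds are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

NOTE_NAME = "Help Restore Your Files.txt"   # guide file name given in the report
ENC_SUFFIX = ".doydo"                       # appended extension given in the report

def scan_tree(root):
    """Return {folder: {"note": bool, "encrypted": [(name, original_name)]}}
    for every folder under root that shows at least one of the two artifacts."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        note = any(f.lower() == NOTE_NAME.lower() for f in files)
        encrypted = sorted(
            (f, f[: -len(ENC_SUFFIX)])          # strip the suffix to recover the original name
            for f in files
            if f.lower().endswith(ENC_SUFFIX) and len(f) > len(ENC_SUFFIX)
        )
        if note or encrypted:
            findings[os.path.relpath(folder, root)] = {"note": note, "encrypted": encrypted}
    return findings

def summarize(findings):
    """Return (folders with a note, total renamed files, folders with renamed files but no note)."""
    with_note = sum(1 for f in findings.values() if f["note"])
    total = sum(len(f["encrypted"]) for f in findings.values())
    partial = sorted(k for k, f in findings.items() if f["encrypted"] and not f["note"])
    return with_note, total, partial

def build_sample_tree(root):
    """Constructed sample data: empty files laid out the way the report describes."""
    layout = {
        "docs": ["report.docx.doydo", "budget.xlsx.doydo", NOTE_NAME],
        "photos": ["cat.jpg.doydo"],          # renamed file, note missing (hypothetical case)
        "clean": ["notes.txt"],               # untouched folder
    }
    for folder, names in layout.items():
        (Path(root) / folder).mkdir(parents=True)
        for name in names:
            (Path(root) / folder / name).touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan_tree(tmp)
        for folder, info in sorted(result.items()):
            print(folder, "note" if info["note"] else "no-note", info["encrypted"])
        print(summarize(result))
```
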

White Defender response

White Defender blocks the ransomware's malicious actions and also supports real-time automatic restoration of files that are encrypted before the block takes effect.


[Figure 6 Block message]


[Figure 7 Block message]


[Figure 8 Block message]

Everyzone White Defender Co., Ltd. | CEO: Seunggyun Hong | Business registration number: 220-81-67981
Copyright ⓒ Everyzone, Inc. All Rights Reserved.