Remove D0glun ransomware (.@D0glun@ virus)

D0glun ransomware, or .@D0glun@ virus, is a file-encrypting malware. These types of infections are designed to take users’ files hostage by encrypting them and demanding a payment for their recovery. This ransomware can be identified by the .@D0glun@[original file extension] extension. The ransomware appears to be targeting Chinese-speaking users, as the ransom note is in Chinese. If the computer does not have the Chinese alphabet, the note will appear in gibberish characters.

 

 

As soon as D0glun ransomware is initiated, it begins encrypting files. Like all ransomware, it targets all personal data, including photos, documents, images, etc. You will be able to tell which files have been encrypted by the extension added to them. D0glun ransomware adds .@D0glun@[original file extension]. For example, a text.txt file would become text.@D0glun@txt. Unfortunately, none of these files will be openable unless you first decrypt them, which will not be easy, as the only people who have the decryptor are the cybercriminals operating this ransomware.

Depending on the ransomware version, the D0glun ransomware will drop a ransom note in either Chinese or English. The notes explain that files have been encrypted and can only be recovered by paying a ransom and getting a decryptor. The note does not mention the specific ransom amount, but it’s likely to be at least $1,000.

The ransom note in Chinese dropped by the D0glun ransomware:

你的文件已被加密
我的電腦出了什么向題？ 您的電腦部分文件被我加密保存了 文件炎型有zip|rar|png|jpg|txt|mp4|等等各種常見文桂文件
在未解密前，請勿嘗試任何系毒軟件，否則我元法保証你的文件安全
我垓如何恢夏我的重要文件？
請下載To r瀏覽器，在你的右逍 然后訪向以下地址
hxxp://33333333h45xwqlf3s3eu4bkd6y6bjswva75ys7j6satex5ctf4pyfad.onion
尋求幫助 這是我的BTC收款地址
1M7JVws3HccTGd14CV3qX21G7gzcJj77UH

The ransom note in English dropped by some versions of the D0glun ransomware:

Your files are encrypted.

What’s wrong with my computer?
I’ve encrypted some of your files.
File types include ZIP|TXT|PNG|JPG|PDF|DOC|and other common file formats.
———- ———- ——
Please do not try any antivirus software before decryption, otherwise I can not guarantee the safety of your files!
——————————————————-
How do I recover my important files?
————————————–
Files with @D0GLUN@+source file suffix.
Such files can only be decrypted by our decryption service.
Trying any other decryption method will be futile.
Please visit our Dark Web site and we will provide you with a specialized decryption service.
Of course, there is a fee for this service
======================================
Can we really decrypt it?
======================================
We will honor our word of honor
We can decrypt a small part of your file for free
to prove that we can actually decrypt it!

———- ———-
Please download the Tor Browser to your right

Then visit the following address
–
Contact us for help
In the lower right corner is my BTC collection address

As is the case with all ransomware, paying the ransom is not recommended. Since you are dealing with cybercriminals, there is no guarantee that they will keep their end of the deal and send the decryptor. Many victims have paid malicious actors for decryptors only to receive nothing in return. While the decision is yours, you need to be aware of the risks that come with engaging with cybercriminals.

If you have a backup of your files, you can start recovery as soon as you remove D0glun ransomware from your computer. Ransomware is a sophisticated malware infection, so manual .@D0glun@ virus removal is not recommended. To safely and correctly delete D0glun ransomware, you need to use an anti-malware program. Once the ransomware is gone, you can connect to your backup.

Ransomware infection methods

Users who have poor browsing habits are often significantly more susceptible to malware infections on their computers. If you frequently open unsolicited email attachments, download files or software from unreliable sources, pirate content via torrents, or click on ads while browsing potentially unsafe websites, it’s just a matter of time before you pick up some kind of infection. One effective way to safeguard against future malware infections is to develop better online/browsing habits.

If you’re using torrents to download copyrighted content, you likely realize that torrent sites are often poorly regulated. Malicious actors take advantage of these platforms to upload torrents for popular movies, video games, TV shows, and software with concealed malware in them. While some harmful torrents are easy to spot, others can be quite deceptive. Bear in mind that downloading copyrighted content via torrents is not only illegal, but it also significantly jeopardizes your computer’s security.

Malicious spam emails are another common method for distributing ransomware and other infections. Cybercriminals buy a lot of email addresses from various hacking forums and launch extensive spam campaigns. These email addresses often end up on these forums due to data breaches or leaks. Malicious campaigns targeting a lot of users with the same email are fairly obvious. However, when they are aimed at specific individuals, they can be more sophisticated.

Typically, generic malicious emails are filled with spelling and grammatical mistakes, address recipients as User, Member, Customer, and create a sense of urgency to open an attachment, claiming it contains an important document for immediate review. Generic malicious emails try to mimic legitimate emails from companies, but are usually low-effort and easily identifiable.

Despite many malicious emails being fairly obvious, it’s always a good practice to scan any unsolicited attachments with anti-virus software or services such as VirusTotal before opening them.

Delete D0glun ransomware

Ransomware is a very complex infection and requires a professional anti-malware program to get rid of. Thus, do not try to remove D0glun ransomware manually as you could end up causing additional damage to your device. Instead, use an anti-malware program to delete D0glun ransomware. Once the ransomware is no longer present, it’s safe to connect to your backup to start file recovery.