By now, you’ve probably heard the basics of how malware works: it infects a computer or mobile device and then uses that device to attack other devices, steal information, or otherwise cause havoc. While most malware is designed to target computers running Microsoft Windows operating systems, not all of it does, and Daxin may be the most potent example of this tendency we’ve seen to date.
What Is Ransomware?
Ransomware is a type of malware that encrypts your files and then demands a ransom from you in order to decrypt them. It’s often spread through phishing emails or infected websites, and can be difficult to detect because it masquerades as legitimate software. Daxin is a particularly dangerous ransomware because it uses a unique encryption algorithm that makes it almost impossible to decrypt your files without the decryption key.
If you’re infected with Daxin, your best bet is to restore your files from a backup. But if you don’t have a backup handy, there are still ways to recover your data even if the virus has encrypted all of your files. You’ll need an advanced tool called Foolish for Thumbs which should allow you to extract some of your data before recovering it from elsewhere.
What Is WannaCry?
WannaCry is a ransomware attack that encrypts your files and demands a ransom in order to decrypt them. It first emerged in May of 2017 and quickly spread around the world, affecting businesses, hospitals, and individuals in over 150 countries. What makes WannaCry so dangerous is that it exploits a vulnerability in Windows operating systems, making it relatively easy for the malware to spread.
And once your files are encrypted, it’s almost impossible to decrypt them without paying the ransom. In some cases, this may be worth it if you don’t have backups of your files or they’re not available elsewhere (for example, pictures or videos). But if you do have backups of these files or if they’re stored on a cloud service like Dropbox or Google Drive, then paying the ransom isn’t worth it.
How Does DoubleLocker Work?
Once a device is infected with DoubleLocker, it will encrypt all of the user’s files using AES-256 encryption. Then, it will change the device’s password and lock the user out. The only way to unlock the device is by paying a ransom of 0.01 Bitcoin, which is about $70. DoubleLocker is difficult to detect because it masquerades as a legitimate app. It also uses dynamic code loading, which makes it hard for security researchers to analyze. DoubleLocker first appeared in October 2015 and has quickly become one of the most prevalent forms of ransomware in China.
Why Does DoubleLocker Exist?
It’s no secret that China is behind a lot of the world’s malware. In fact, many believe that the country is responsible for over half of all malware attacks. Daxin is just one example of the dangerous and sophisticated malware that originates from China. Unlike other forms of ransomware, DoubleLocker encrypts not only your data but also your system partition. What this means is that you’ll need an external drive or some other form of external storage to restore your data.
And if your PC has crashed completely (or even if it has been reset), then you’re out of luck entirely. There are two ways that DoubleLocker can be removed. One is to recover your files from a backup, which might take hours or days depending on how much data was encrypted. The other is to pay the ransom, which could cost anywhere between $100 and $1000 per person infected by DoubleLocker and does nothing to guarantee recovery of all encrypted files.
How Can I Protect Myself From This Malware?
Daxin is a dangerous malware that is difficult to detect. If you think you may have been infected, it is important to take action immediately. There are a few things you can do to protect yourself from this malware:
- Keep your operating system and software up-to-date.
- Use a reputable antivirus program and scan your computer regularly.
- Be cautious when clicking on links or opening attachments from unknown sources.
- Stay away from websites with no reputation and install a browser extension such as Adblock Plus (Chrome) or ScriptSafe (Firefox).
- Always keep personal information safe by using strong passwords for every account, avoiding public Wi-Fi hotspots, never giving out your password to anyone who does not need it, changing your passwords often, and staying off social media if possible.