DCRTR-WDM Ransomware
DCRTR-WDM is a ransomware strain that encrypts victim files and demands a ransom payment for decryption. First observed in the wild on October 1, 2018, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the alias WDM.
Quick Facts
- Ransomware Family: DCRTR-WDM
- First Seen: October 1, 2018
- Known Aliases: WDM
How DCRTR-WDM Ransomware Works
Targeted Files
- https://www.bleepingcomputer.com/forums/t/686098/dcrtr-wdm-ransomware-support-dcrtr-cryptes-java-parrot-crypt/page-4
- https://app.any.run/tasks/d820bb99-699e-49b1-8ee7-a09ec958c102/
- https://www.bleepingcomputer.com/forums/t/700165/new-ransomware/
- https://app.any.run/tasks/0b98c2b4-3900-49d1-b175-f908062be1bd/
File Encryption Patterns
DCRTR-WDM modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..crypt
..PAFOS
..SONG
..COLORIT
..COPAN
..WALAN
..CAGO
..STAFS
..SOS
..GOLD
..LOCK
..CRYZP
..LOCKEDS
..ngecqlu
Ransom Note and Payment Demands
After encrypting files, DCRTR-WDM displays ransom notes demanding payment for file recovery:
- HOW TO DECRYPT FILES.txt
  - Ransom message: notes/HOW TO DECRYPT FILES.txt
  - Note locations: EveryFolder
- info.hta
  - Ransom message: notes/info.hta
  - Note locations: EveryFolder
- HOW TO DECRYPT FILES.hta
  - Ransom message: notes/HOW TO DECRYPT FILES.hta
  - Note locations: EveryFolder
- DECRYPT_INFO.txt
  - Ransom message: notes/DECRYPT_INFO.txt
  - Note locations: EveryFolder
- DECRYPT_INFO.hta
  - Ransom message: notes/DECRYPT_INFO.hta
  - Note locations: EveryFolder
Technical Indicators
Associated Executable Files
The following executable files are associated with DCRTR-WDM ransomware:
wdm.exe
setup.exe
setup (1).exe
svchost.exe
dllhost.exe
wpm.exe
smss.exe
sms.exe
__possible virus sample that infected me.zip
smms.exe
About This Analysis
This DCRTR-WDM ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like DCRTR-WDM.
Last updated: July 30, 2025