Dotmap ransomware is malicious software that stealthily penetrates a PC and encrypts the files stored on its disks. While encrypting, it renames all encrypted photos, documents and music so that they have the .dotmap file extension.
Immediately after launch, the .Dotmap ransomware scans all available drives, including network and cloud storage, to determine which files will be encrypted. The ransomware uses the file name extension to decide which files will be encrypted. It encrypts almost all types of files, including common ones such as:
.pef, .iwi, .wdp, .das, .odb, .wmd, .mpqge, .fos, .xll, .crt, .accdb, .xlgc, .jpeg, .webp, .psk, .y, .mdbackup, .dazip, .xx, .wps, .orf, .ysp, .arw, .x3f, .ntl, .nrw, .wbz, .pak, .eps, .zif, .wmf, .0, .ltx, .wmv, .xmind, .pptx, .arch00, .ibank, .wb2, .sidd, .xbdoc, .qic, .xmmap, .webdoc, .ncf, .litemod, .slm, .vfs0, .vdf, .pst, .crw, .wn, .gho, .wp7, .x3f, .svg, .wpw, .ai, .odt, .d3dbsp, .wpt, .3ds, .wpd, .flv, .sr2, .pptm, .wma, .wmv, .pem, .t12, .bar, .rgss3a, .wpa, .wps, .xld, .vpp_pc, .wbd, .docm, .wpl, .3dm, .rwl, .pdd, .vcf, .mp4, .bik, .mdf, .der, .xlsx, .rtf, .cer, .dxg, .m3u, .srw, .wp4, .dba, .7z, .big, .mdb, .ptx, .t13, .wsd, .xls, .fsh, .bay, .xlk, .epk, .forge, .mrwref, .xar, .ztmp, .blob, .wp5, .wm, .r3d, .ybk, .zabw, .xls, .xlsx, .fpk, .rw2, .hkx, .wdb, .xdl, .wma, .wpe, .xy3, .rofl, .wotreplay, .xdb, .psd, .itm, .syncdb, .zi, .m4a, .sid, .sav, .png, .rb, .cr2, .tor, .docx, .lvl, .wbc, .dmp, .sis, .jpg, .wp6, .1st, .vpk, .dwg, .xxx, .odp, .wpg, .odm, .css, .snx, .wbk, .qdf, .x3d, .xlsm, .menu, .xml, .zdc, .ff, .jpe, .icxs, .csv, .itdb, .layout, .dbf, .x, .gdb, .sidn, .wot, .lbf, .rim, .pfx, .cfr, .xf, .mov, .wmo, .hkdb, .srf, .kdc, .raw, .sum, .lrf, .indd, .avi, .asset, .yal, .dcr, .wsh, .z, .cdr, .wri, .zip, .bsa, .xlsm, .zip, .wire, .map, .xpm, .rar, .erf, .wp, .wbm, .m2, .mef, .xlsb, .txt, .bc6, .3fr, .vtf, .wgz, .p7c, .wsc, .dng, .upk, .2bp, .pdf, .ppt, .pkpass, .kdb, .bkf, .cas, .doc, .mcmeta, .wpd, .zdb, .raf, .kf, .js, .ws, .wav, .bc7, .re4, .w3x, .db0, .wbmp, .xbplate, .esm, .xyw, .tax, .mlx, .z3d, .ods, .p7b, .hvpl, .sb, .apk, .wpb
Once the encryption process is complete, it creates a ransom note named “_readme.txt” that offers to decrypt all of the user's documents, photos and music if a payment is made. An example of the ransom note is:
ATTENTION! Don't worry my friend, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-6COaKAec5A Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
Threat Summary
Name | .Dotmap ransomware |
Type | Ransomware, Filecoder, Crypto virus, File locker |
Encrypted files extension | .dotmap |
Ransom note | _readme.txt |
Contact | gorentos@bitmessage.ch, @datarestore (telegram) |
Ransom amount | $490, $980 in Bitcoins |
Symptoms | |
Removal | To remove .Dotmap ransomware use the removal guide |
Decryption | To decrypt .Dotmap ransomware use the steps |
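To gauge how much of a drive or folder was hit, the two indicators from the summary above (the .dotmap extension and the _readme.txt note) can be counted with a short read-only script. This is an added example, not part of the original guide; it assumes the ransomware appends .dotmap to the original file name, and the sample tree it builds is constructed.

```python
import os
import sys
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".dotmap"  # extension from the Threat Summary
RANSOM_NOTE = "_readme.txt"   # ransom note name from the Threat Summary

def scan_tree(root):
    """Return (encrypted paths, folders holding a ransom note, counts by original type)."""
    encrypted, note_dirs, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                note_dirs.append(Path(dirpath))
            elif lower.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(Path(dirpath) / name)
                # Assumption: the suffix is appended (report.docx.dotmap), so the
                # extension left after stripping it is the original file type.
                original = Path(lower[: -len(ENCRYPTED_SUFFIX)]).suffix
                by_type[original or "(unknown)"] += 1
    return sorted(encrypted), sorted(note_dirs), by_type

def demo():
    """Run the scan over a constructed tree of empty, harmless sample files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in ("docs/report.docx.dotmap", "docs/budget.XLSX.DOTMAP",
                    "docs/_readme.txt", "pics/cat.jpg.dotmap",
                    "pics/untouched.png", "odd.dotmap"):
            path = root / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.touch()
        encrypted, note_dirs, by_type = scan_tree(root)
        return len(encrypted), [d.name for d in note_dirs], dict(by_type)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # scan the folder given on the command line
        files, notes, types = scan_tree(sys.argv[1])
        print(f"{len(files)} encrypted files, ransom notes in {len(notes)} folders")
        for ext, count in types.most_common():
            print(f"  {ext}: {count}")
    else:
        print(demo())
```

The per-type counts show which kinds of documents to look for first in backups, Shadow Copies or PhotoRec output.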
Use the step-by-step guidance below to delete the ransomware virus and try to recover (decrypt) encrypted photos, documents and music for free.
Quick links
- How to remove .Dotmap ransomware virus
- How to decrypt .dotmap files
- Use STOPDecrypter to decrypt .dotmap files
- How to restore .dotmap files
- How to protect your PC from .Dotmap ransomware virus?
- Finish words
How to remove .Dotmap ransomware virus
Manual removal does not always completely remove the .Dotmap ransomware, as it’s not easy to identify and remove the components of the ransomware and all malicious files from the hard disk. Therefore, it’s recommended that you run a malware removal utility to completely delete the .Dotmap ransomware from your machine. Several free malicious software removal utilities are currently available that may be used against the ransomware. The optimum method would be to use Zemana Anti-malware, Malwarebytes Free and Kaspersky Virus Removal Tool.
Automatically remove .Dotmap ransomware virus with Zemana Anti-malware
You can remove the .Dotmap ransomware virus automatically with the help of Zemana Anti-malware. We recommend this malicious software removal tool because it can easily remove ransomware viruses, PUPs, adware and trojans together with all their components such as folders, files and registry entries.
Installing the Zemana AntiMalware (ZAM) is simple. First you’ll need to download Zemana AntiMalware on your Windows Desktop by clicking on the link below.
Once the download is complete, close all windows on your computer. Next, run the install file named Zemana.AntiMalware.Setup. If the “User Account Control” dialog box pops up, click the “Yes” button.
It will show the “Setup wizard”, which will help you install Zemana AntiMalware (ZAM) on the computer. Follow the prompts and do not make any changes to the default settings.
Once the installation completes successfully, Zemana will start automatically and you will see its main window.
Next, click the “Scan” button to perform a system scan with this tool for files, folders and registry keys related to the .Dotmap ransomware virus. This procedure can take some time, so please be patient. While Zemana Anti-Malware (ZAM) is checking, you can see the number of objects it has identified as malware.
When the scan is finished, Zemana will open a list of all items detected by the scan. You may remove threats (move them to Quarantine) by simply pressing the “Next” button.
Zemana AntiMalware (ZAM) will remove the .Dotmap ransomware and other kinds of potential threats such as malware and potentially unwanted applications. After the process is finished, you may be prompted to reboot your machine.
How to automatically remove .Dotmap ransomware with MalwareBytes Free
Manual .Dotmap ransomware removal requires some computer skills. Some files and registry entries created by the ransomware may not be fully removed. We suggest that you use MalwareBytes Free, which can completely free your computer of the ransomware virus. Moreover, this free program will help you to remove malware, worms, adware and trojans that may also have infected your PC system.
Installing MalwareBytes Anti Malware (MBAM) is simple. First you’ll need to download MalwareBytes Anti Malware on your system from the link below.
When the download is finished, close all programs and windows on your computer. Open the directory in which you saved it. Double-click the icon called mb3-setup.
When the setup begins, you will see the “Setup wizard” that will help you set up Malwarebytes on your machine.
Once installation is finished, you will see the main window.
Now click the “Scan Now” button. The MalwareBytes Free application will scan the whole machine for the .Dotmap ransomware and other malicious software. While the utility is checking, you can see the number of objects and files it has already scanned.
Once MalwareBytes has completed scanning your PC system, MalwareBytes Free will prepare a list of malicious software. All found threats will be marked. You can get rid of them all by simply clicking the “Quarantine Selected” button.
Malwarebytes will now delete the .Dotmap ransomware virus and other malware. Once the task is complete, you may be prompted to reboot your computer.
Scan your system and delete .Dotmap ransomware virus with KVRT
KVRT is a free removal tool that can be downloaded and run to get rid of ransomware, adware, malicious software, potentially unwanted apps, trojans and other threats from your PC system. You can run this utility to search for threats even if you have an antivirus or any other security application.
Download Kaspersky virus removal tool (KVRT) on your PC from the link below.
When the download is complete, double-click the Kaspersky virus removal tool icon. Once the initialization procedure is done, you will see the Kaspersky virus removal tool screen.
Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next click the Start scan button. The KVRT tool will begin scanning the whole PC system to find the .Dotmap ransomware virus and other malware. A scan can take anywhere from 10 to 30 minutes, depending on the number of files on your machine and the speed of your computer. When malicious software, adware or potentially unwanted software is found, the number of security threats will change accordingly. Wait until the scanning is complete.
Once that process is finished, Kaspersky virus removal tool will open a screen which contains a list of malicious software that has been found as shown in the following example.
When you’re ready, click on Continue to start a cleaning process.
How to decrypt .dotmap files
The .Dotmap ransomware uses a hybrid encryption mode. This means that decrypting the files is impossible without the private key. Brute forcing is also not an option because of the length of the key. Therefore, unfortunately, paying the developers of the .Dotmap ransomware the entire amount requested is the only method to try to get the decryption key and decrypt all your files.
Never pay the ransom! You might feel that you have no other choice but to pay up and decrypt .dotmap photos, documents and music quickly. There is no guarantee that the makers of the .Dotmap ransomware will live up to their word and give back your personal files.
With some variants of Dotmap ransomware, it is possible to decrypt or restore encrypted files using free tools such as STOPDecrypter, ShadowExplorer and PhotoRec.
Use STOPDecrypter to decrypt .dotmap files
Michael Gillespie (@) released a free decryption tool named STOPDecrypter (download from download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip).
STOPDecrypter has been updated to include decryption support for the following .djvu* variants (.djvu, .djvuu, .udjvu, .djvuq, .djvur, .djvut, .pdff, .tro, .tfude, .tfudeq, .tfudet, .rumba, .adobe, .adobee, .blower, .promos). STOPDecrypter will work for any extension of the Djvu* variants including new extensions (.dotmap).
Please check the Twitter post for more info.
How to restore .dotmap files
In some cases, you can recover files encrypted by the .Dotmap ransomware. Try both methods. It is important to understand that we cannot guarantee that you will be able to restore all encrypted documents, photos and music.
Recover .dotmap encrypted files using Shadow Explorer
A free tool called ShadowExplorer is a simple way to use the ‘Previous Versions’ feature of MS Windows 10 (8, 7, Vista). You can recover personal files encrypted by the .Dotmap ransomware from Shadow Copies for free.
Download ShadowExplorer from the link below.
After the download is finished, extract the saved file to a directory on your PC system. This will create the necessary files as shown below.
Launch the ShadowExplorerPortable program. Now select the date (2) that you wish to restore from and the drive (1) you wish to recover files (folders) from.
On the right panel, navigate to the file (folder) you wish to restore. Right-click the file or folder and press the Export button.
Finally, specify a folder (your Desktop) to save the shadow copy of the encrypted file and click the ‘OK’ button.
Recover .dotmap files with PhotoRec
Before a file is encrypted, the .Dotmap ransomware virus makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your personal files using file recovery applications like PhotoRec.
Download PhotoRec from the link below. Save it to your Desktop so that you can access the file easily.
After the download is finished, open the directory in which you saved it. Right-click testdisk-7.0.win and select Extract all. Follow the prompts. Next, open the testdisk-7.0 folder.
Double-click qphotorec_win to run PhotoRec for Microsoft Windows.
Choose a drive to recover as displayed below.
You will see a list of available partitions. Choose a partition that holds encrypted photos, documents and music as shown in the figure below.
Click the File Formats button and specify the file types to recover. You can enable or disable the recovery of certain file types. When this is finished, click the OK button.
Next, press the Browse button to select where restored files should be written, then click Search.
The count of recovered files is updated in real time. All restored files are written to the folder that you chose in the previous step. You can access the files even if the recovery process is not finished.
When the restore is done, press the Quit button. Next, open the directory where the recovered photos, documents and music are stored.
All recovered photos, documents and music are written to the recup_dir.1, recup_dir.2 … sub-directories. If you’re searching for a specific file, you can sort your recovered files by extension and/or date/time.
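The sorting step described above can be scripted when PhotoRec returns thousands of files. This added example (not part of the original guide or of PhotoRec) groups everything under the recup_dir.N folders by extension, newest first, and sets aside byte-identical copies; the duplicate check is an extra convenience, and the sample files are constructed.

```python
import hashlib
import os
import tempfile
from collections import defaultdict
from pathlib import Path

def sha256_of(path):
    """Hash a file in 1 MiB chunks so large recovered files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def index_recovered(output_root):
    """Return ({extension: [paths, newest first]}, [(duplicate, first copy)])."""
    by_ext, first_seen, duplicates = defaultdict(list), {}, []
    # Only look inside PhotoRec's own output folders: recup_dir.1, recup_dir.2, ...
    for path in sorted(Path(output_root).glob("recup_dir.*/*")):
        if not path.is_file():
            continue
        digest = sha256_of(path)
        if digest in first_seen:
            duplicates.append((path, first_seen[digest]))
        else:
            first_seen[digest] = path
            by_ext[path.suffix.lower() or "(none)"].append(path)
    for paths in by_ext.values():
        paths.sort(key=lambda p: p.stat().st_mtime, reverse=True)
    return dict(by_ext), duplicates

def demo():
    """Index a constructed PhotoRec-style output folder of tiny sample files."""
    samples = {  # relative path -> (content, modification time); all constructed
        "recup_dir.1/f0000001.jpg": (b"photo-a", 1000),
        "recup_dir.1/f0000002.txt": (b"notes", 1500),
        "recup_dir.2/f0000003.jpg": (b"photo-a", 1800),  # same bytes as f0000001
        "recup_dir.2/f0000004.jpg": (b"photo-b", 2000),
        "other/ignored.jpg": (b"not photorec output", 2500),
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, (content, mtime) in samples.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(content)
            os.utime(path, (mtime, mtime))
        by_ext, duplicates = index_recovered(tmp)
        names = {ext: [p.name for p in paths] for ext, paths in by_ext.items()}
        return names, [(d.name, f.name) for d, f in duplicates]
```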
How to protect your PC from .Dotmap ransomware virus?
Most antivirus programs already have built-in protection against ransomware. Therefore, if your computer does not have an antivirus application, make sure you install one. As extra protection, use HitmanPro.Alert.
Run HitmanPro.Alert to protect your personal computer from .Dotmap ransomware
All-in-all, HitmanPro.Alert is a fantastic tool to protect your personal computer from any ransomware. If ransomware is detected, then HitmanPro.Alert automatically neutralizes malware and restores the encrypted files. HitmanPro.Alert is compatible with all versions of Windows OS from Windows XP to Windows 10.
Download HitmanPro Alert on your computer by clicking on the link below.
When the download is finished, open the folder in which you saved it. You will see an icon like below.
Double click the HitmanPro.Alert desktop icon. Once the tool is started, you’ll be shown a window where you can select a level of protection, as displayed below.
Now click the Install button to activate the protection.
Finish words
Now your PC system should be free of the .Dotmap ransomware. Uninstall MalwareBytes AntiMalware (MBAM) and KVRT. We advise that you keep Zemana Anti Malware (to periodically scan your PC system for new malicious software). Make sure that you have all the Critical Updates recommended for MS Windows OS. Without regular updates you WILL NOT be protected when new ransomware viruses, malicious apps and adware are released.
If you are still having problems while trying to delete .Dotmap ransomware virus from your PC system, then ask for help here.