DoggeWiper ransomware is crypto malware created by vulgar authors and is usually transmitted via Discord

DoggeWiper is a ransomware-type virus that was first discovered in late February 2019. The original name is still debatable as malware authors use several other titles in their notes, such as Powerhentai or Idiot ransomware, which only confirms that the threat is not properly developed. Instead of encrypting data with a strong algorithm, DoggeWiper ransomware changes the structure of each file so that it would instead open RacWmiDatabase.sdf.txt file (which is also a ransom note), which contains a vulgar text, filled with swearwords and an ASCII Text Art picture of a well-known Doge meme. Nevertheless, just as many other ransomware viruses, DoggeWiper also appends a file extension, which in this case is .vscode. The malware is known to be distributed via the Discord app, when users download files like The_power_of_hentai.exe, Idiot.exe, BandagedBD_Windows_1.exe, DiscordAccessPlugin.exe, or update_discord.exe.
| Name | DoggeWiper |
| Alternative names | Powerhentai, Idiot |
| Type | Ransomware |
| File extension | .vscode |
| Ransom demand | None. It is believed that malware is developed for data wiping purposes |
| Associated files | The_power_of_hentai.exe, Idiot.exe, BandagedBD_Windows_1.exe, DiscordAccessPlugin.exe, or update_discord.exe |
| Distribution | Discord, malicious files |
| Decryptable? | No |
| Elimination | Download and install security software that can recognize the threat |
| System recovery | Use FortectIntego to recover from damage inflicted by ransomware |
Even though DoggeWiper ransomware is known to be distributed via Discord app, it does not mean that other propagation methods are not used. Typical crypto-malware distribution methods include spam email attachments or links, repacked installers, cracks, fake updates, exploits, etc. Refer to the second section of the article to prevent DoggeWiper or other threat infiltration.
One DoggeWiper ransomware settles, it installs multiple new files, executes services, modifies Windows Registry, and performs many other operations that increase threat's persistence on the device and possibly prevent DoggeWiper ransomware removal. After the encryption, each file is modified in the following way: picture.jpg is turned into picture.jpg.vscode. From that time, each time the victim clicks on one of such files, a RacWmiDatabase.sdf.txt is opened instead, which contains the following text (censored):
my name is tostring and your pc is now f*cked
f*uck you pain exist you f*cking n*gger
now go f*cking cry to your skid friends and your skid followers/fans about how your pc just died megalul────────▌▒█─────────── ▄▀▒▌
────── ──▌▒▒▀▄───────▄▀▒▒▒▐
───────▐▄▀▒▒▀▀▀▀▄▄▄▀▒▒▒▒▒▐
──── ─▄▄▀▒▒▒▒▒▒▒▒▒▒▒█▒▒▄█▒▐
───▄▀▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▀██▀▒▌
── ▐▒▒▒▄▄▄▒▒▒▒▒▒▒▒▒▒▒▒▒▀▄▒▒▌
──▌▒▒▐▄█▀▒▒▒▒▄▀█▄▒▒▒▒▒▒▒█ ▒▐
─▐▒▒▒▒▒▒▒▒▒▒▒▌██▀▒▒▒▒▒▒▒▒▀▄▌
─▌▒▀▄██▄▒▒▒▒ ▒▒▒▒▒▒░░░░▒▒▒▒▌
─▌▀▐▄█▄█▌▄▒▀▒▒▒▒▒▒░░░░░░▒▒▒▐
▐▒▀▐▀▐▀ ▒▒▄▄▒▄▒▒▒▒▒░░░░░░▒▒▒▒▌
▐▒▒▒▀▀▄▄▒▒▒▄▒▒▒▒▒▒░░░░░░▒▒▒▐
─▌▒▒▒▒▒▒▀▀▀▒▒▒▒▒▒▒▒░░░░▒▒▒▒▌
─▐▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▐
──▀▄▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▄▒ ▒▒▒▌
────▀▄▒▒▒▒▒▒▒▒▒▒▄▄▄▀▒▒▒▒▄▀
───▐▀▒▀▄▄▄▄▄▄▀▀▀▒▒▒▒ ▄▀
──▐▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▀▀wow such beutiful files
such wow
made by minecraft master and tostring
As evident, no contact information or Bitcoin wallet is provided, which concludes that DoggeWiper ransomware was not created for money extortion purposes. Instead, it is most likely dedicated to annoy users and destroy their files. What is more, crooks are extremely vulgar while delivering their message…
Regardless if contact information is provided or not, most security experts[1] do not recommend contacting threat actors, as the possibility of getting scammed is quite high. Thus, merely remove DoggeWiper ransomware with adequate[2] security application and only then attempt file recovery with the help of third-party tools if you had no backups ready.
Finally, to recover from DoggeWiper virus damage, we suggest you scan your device with FortectIntego – it can recover your vital computer system parts, such as Windows Registry.

Do not download suspicious executables from communication apps like Discord
Hackers who distribute malware are often relying on social engineering, whether it is a sophisticated one or quite amateur. While the former might increase the number of overall infections, the latter will trick novice computer users, including younger audiences.
Discord is often used by gaming communities, and phishing attempts are a frequent occurrence on the platform. Quite often, criminals pretend to upload some sort of crack or cheat for the specific video game that would provide bot functionality, or increase in-game currency.
All users have to do is download and execute the file, only to find out that the alleged cheat infected their computers with malware. Very known cases of such tricks were used in Fortnite virus attacks.[3]
Therefore, be aware that unknown chats or channels that provide links ask for your credentials or offer cheat tools are most likely malware. Never communicate with such individuals or click on links that they provide. Additionally, we suggest you install reputable anti-malware software that would be able to keep virus infections away.
Get rid of DoggeWiper ransomware using reputable removal tools
While DoggeWiper virus might be just as an experiment or was made as a “joke,” the infected users have nothing to be joking about, since ransomware can lead to full personal file loss. Because the decryptor for this threat is not available, it is, unfortunately, a highly likely scenario. Nevertheless, you need to remove DoggeWiper ransomware before you attempt file recovery.
To perform complete DoggeWiper ransomware removal, you will have to enter Safe Mode with Networking as explained below. It is a safe environment that launches only the most necessary services and drivers, temporarily disabling malware. Once there, you should thoroughly scan your device with anti-malware software to get rid of the virus altogether.
Was this guide helpful?
Be the first to comment