DirtyDecrypt is a ransomware that infiltrates systems and encrypts various types of files (including .pdf, .doc, .jpeg, etc.). During the encryption process, DirtyDecrypt embeds an image file into each encrypted file. Thus, when victims try to open an encrypted file, the image (which contains a ransomware message) is opened. Research shows that this ransomware can be distributed using spam emails (with malicious attachments) and other viruses that download ransomware. DirtyDecrypt infiltrates explorer.exe, svchost.exe and winlogon.exe, legitimate Windows processes.