Ewurafua Ainooson

DeathRansom Ransomware Can Actually Encrypt Files Now

Ransomware is a type of malware that encrypts the files of the victims and demands a ransom for their decryption. One of the recent ransomware families that has emerged is DeathRansom, which was initially considered a joke because it did not actually encrypt files, but only renamed them with a ".wctc" extension. However, according to a new analysis by FortiGuard Labs, DeathRansom has evolved and can now perform real encryption using a combination of AES and RSA algorithms.

DeathRansom was first spotted in November 2019, when it was reported by several security researchers and victims. The ransomware claimed to encrypt files using AES-256 and RSA-2048, but in reality, it only appended a string of 0x00 bytes to the files and changed their extension. This made it easy to recover the files by removing the added bytes and restoring the original extension.

However, in late November 2019, FortiGuard Labs observed a new version of DeathRansom that had improved its encryption routine. The ransomware now generates a random AES key for each file and encrypts it with the public RSA key embedded in the malware. The encrypted AES key and the original file name are then appended to the encrypted file. The ransomware also deletes the shadow copies of the files to prevent recovery using Windows tools.
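An added example, not code from FortiGuard Labs or from the original post: a Python triage helper that separates ".wctc" files left by the early non-encrypting build from files the newer build really encrypted. It assumes the padding is a trailing run of 0x00 bytes (the page does not give its length); the function names, signature table and entropy threshold are illustrative choices.

```python
import math
from collections import Counter

# Well-known leading signatures of a few common document formats.
MAGIC = {
    b"%PDF-": ".pdf",
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
    b"PK\x03\x04": ".zip",  # also the container for .docx/.xlsx/.pptx
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; ciphertext sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(blob: bytes) -> dict:
    """Classify the contents of one .wctc file."""
    # Assumption: the early build's padding is a trailing run of 0x00 bytes.
    # A file that legitimately ended in 0x00 loses those bytes too, so keep
    # the untouched .wctc copy until the recovered file has been opened.
    body = blob.rstrip(b"\x00")
    result = {"padding": len(blob) - len(body), "ext": None, "recovered": None}
    for magic, ext in MAGIC.items():
        if body.startswith(magic):
            # Original header intact: renamed and padded, not encrypted.
            result.update(verdict="renamed-only", ext=ext, recovered=body)
            return result
    # No known header. High entropy is consistent with AES output, but also
    # with compressed formats missing from MAGIC, so this is only a heuristic.
    high = entropy(body[:4096]) > 7.5
    result["verdict"] = "likely-encrypted" if high else "no-known-header"
    return result

if __name__ == "__main__":
    # Constructed samples, not real victim files.
    pdf = b"%PDF-1.4\n%constructed sample\n%%EOF\n"
    samples = {
        "report.wctc": pdf + b"\x00" * 32,
        "photo.wctc": bytes(range(256)) * 16,
        "notes.wctc": b"plain text note\n" * 8 + b"\x00" * 16,
    }
    for name, blob in samples.items():
        r = triage(blob)
        print(name, r["verdict"], r["ext"], "padding:", r["padding"])
```

Files reported as renamed-only can be restored from the "recovered" bytes under the suggested extension; anything else should be kept untouched for restoration from backup.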

The ransom note of DeathRansom is personalized for each victim and contains a unique Tor URL that leads to a chat interface where the victim can communicate with the attackers. The ransom amount and the deadline are not specified in the note, but are negotiated through the chat. The attackers also offer to decrypt one file for free as proof.

DeathRansom is distributed through spam emails that contain malicious attachments or links. The attachments are usually ZIP or RAR archives that contain an executable file with a misleading icon, such as that of a PDF or a Word document. The links lead to fake websites that prompt the user to download and run an update or a patch for legitimate software.

To protect against DeathRansom and other ransomware threats, users should follow some basic security practices, such as:

  • Do not open attachments or click on links from unknown or suspicious sources.

  • Keep your system and applications updated with the latest security patches.

  • Use reliable antivirus software and scan your system regularly.

  • Back up your important files to an external drive or a cloud service.

  • Do not pay the ransom if you get infected, as there is no guarantee that you will get your files back.

For more information about DeathRansom, you can read the detailed analysis by FortiGuard Labs or check out the Malwarebytes blog for detection and removal instructions.

