Deadly Ransomware Encrypts Files With AES-256 Cipher

A ransomware virus known as Deadly has recently been detected by malware researchers. The virus was reported to create several different files on the computer, after which it encrypts the important data on it and drops a ransom note demanding a $500 payment in BitCoin to decrypt the AES-256 enciphered data. Even though it is not yet confirmed that Deadly ransomware is on the loose and has begun infecting users, it is strongly advisable not to pay any ransom money if you have already encountered it. Instead, it is advisable to remove Deadly ransomware on sight and attempt alternative methods to restore your documents, photos and other files if they have been enciphered by this virus.

Threat Summary

Name: Deadly
Type: Ransomware
Short Description: The ransomware encrypts files on infected computers with the AES-256 encryption algorithm and asks for a $500 ransom payoff to decrypt them.
Symptoms: Files are encrypted and become inaccessible. A ransom note with instructions for paying the ransom is shown.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.
User Experience: Join our forum to discuss Deadly Ransomware.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files, and it may not recover 100% of the encrypted files but only a few of them, depending on the situation and whether or not you have reformatted your drive.

Deadly Ransomware – Spread

Allegedly, Deadly ransomware may spread through a malicious executable which contains an exploit kit, or through a .js file containing JavaScript. These files may be spread via a malicious e-mail attachment or fake setups uploaded online. Another way of spreading the files is via fake websites that advertise them as helpful software or free setups. In addition, the virus may also spread via other methods, such as malicious URLs spammed on social media, forums and elsewhere. To cause a successful infection, cyber-criminals such as the ones behind Deadly ransomware could use several different tools, like spam bots, malware obfuscators, injectors, file joiners and others, depending on which method they have chosen to spread the malware with. This is why it is advisable to use a non-commercial advanced anti-malware solution which has active real-time shields and will stop such attacks in their tracks.

Deadly Ransomware – More Information About the Virus

Deadly Ransomware is a threat that may act in a file-less manner via JavaScript and immediately get to the point of encrypting the files of the infected computer. The virus may begin to look for widely used types of files, such as:

  • Videos.
  • Images.
  • Audio files.
  • Documents.
  • Files associated with programs the user has installed.

After the encryption by Deadly ransomware has been completed, the files are unusable, because the virus has enciphered them with the AES-256 encryption algorithm. This changes the internal structure of the files, so that no program can open them any longer. When such a file is opened, Windows starts looking for a suitable program to open it with.
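A triage check for the effect described above, as an added example that is not part of the original article: it flags files whose header no longer matches their extension and whose content is near-random. It assumes the encrypted files keep their original extension (the article does not say whether Deadly renames them); the signature table, function names and the 7.5 bits/byte threshold are choices made for this example.

```python
import math
import os

# Well-known leading "magic" bytes for a few common formats.
MAGIC = {
    ".jpg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".pdf": [b"%PDF-"],
    ".docx": [b"PK\x03\x04"],
    ".zip": [b"PK\x03\x04"],
}

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for ciphertext, lower for structured data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def looks_encrypted(path: str, sample: int = 65536, threshold: float = 7.5) -> bool:
    """Flag a file whose header no longer matches its extension and whose
    sampled content is near-random, as AES output would be."""
    ext = os.path.splitext(path)[1].lower()
    sigs = MAGIC.get(ext)
    if sigs is None:
        return False  # unknown type: no header expectation to compare against
    with open(path, "rb") as fh:
        data = fh.read(sample)
    if any(data.startswith(s) for s in sigs):
        return False  # header intact: compressed media is high-entropy but valid
    return shannon_entropy(data) >= threshold

def scan(root: str) -> list:
    """Return the sorted paths under root that look encrypted."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                if looks_encrypted(full):
                    hits.append(full)
            except OSError:
                continue  # unreadable or locked file: skip, do not abort the scan
    return sorted(hits)
```

Run `scan()` against a copy or read-only mount of the affected folder to inventory damaged files before attempting recovery; very small files (a few hundred bytes) give too little data for the entropy estimate and are not flagged.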

After the encryption process has completed, the Deadly virus drops its ransom note with a long and detailed demand towards the victim:

→“Your files have been safely encrypted on this PC: photos, videos, documents, etc. Click “Show encrypted files” Button to view a complete list of encrypted files, and you can personally verify this. Encryption was produced using a unique public key AES-256 generated for this computer. To decrypt files, you need to obtain the private key. The only copy of the private key, which will allow you to decrypt your files is located on a secret server on the Internet; the server will eliminate the key after a time period specified in this window. Once this has been done, nobody will ever be able to restore files… To decrypt the file you will need to send $500 USD in the form of BTC to the following bitcoin address:
{Payment Information}
After payment contact {e-mail} with your transaction details and “USER ID.” Once the payment is confirmed you will receive decryption key along with decryption software. Any attempt to remove or corrupt this software will result in immediate elimination of the private key by the server. Beware.”

Judging by the ransom note, the cyber-criminals threaten to destroy the decryption keys if the infection is eradicated from the computer. This is not always the case, and paying the cyber-criminals may not solve the problem or decrypt your files either. Furthermore, the note does not have a specific e-mail for contact, which immediately indicates that this ransomware is being sold online on the deep web as a service and may be used by many ransomware operators who paid for it. Infections are expected to rise in the future.

Remove Deadly Ransomware and Restore Encrypted Files

To remove Deadly ransomware, we strongly recommend that you follow our removal instructions below. In case you have a hard time locating the ransomware or believe it has not created any permanent files or objects on the computer, malware researchers recommend scanning your computer for malware. The best method to do this is to use an advanced anti-malware program which will detect any files encrypted by this virus and eradicate them completely.

Just like with other non-decryptable viruses, at the moment there is no free way to decrypt files that have been encoded by Deadly Ransomware. However, there are alternative methods that may help you recover your files partially. We have mentioned some of those methods in step “2. Restore files encrypted by Deadly” below and strongly advise you to attempt them, even though they are not 100% guaranteed to restore every file.

Image Source: @MalwareHunterTeam (Twitter)

Manually delete Deadly from your computer

Note! Important information about the Deadly threat: manual removal of Deadly requires interference with system files and registries, so it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Deadly files and objects
2. Find malicious files created by Deadly on your PC

Automatically remove Deadly by downloading an advanced anti-malware program

1. Remove Deadly with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by Deadly
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
