Deadly Ransomware Encrypts Files With AES-256 Cipher

A ransomware virus known as Deadly has recently been detected by malware researchers. The virus was reported to create several different files on the computer, after which it encrypts the important data on it and drops a ransom note demanding a $500 payment in BitCoin to decrypt the AES-256 enciphered data. Even though it is not yet confirmed that Deadly ransomware is on the loose and has begun infecting users, it is strongly advisable not to pay any ransom money if you have already encountered it. Instead, it is advisable to remove Deadly ransomware on sight and attempt alternative methods to restore your documents, photos and other files if they have been enciphered by this nasty virus.

Threat Summary

Short Description: The ransomware encrypts files on infected computers with the AES-256 encryption algorithm and asks for a $500 ransom payoff to decrypt them.
Symptoms: Files are encrypted and become inaccessible. A ransom note with instructions for paying the ransom is shown.
Distribution Method: Spam emails, email attachments, file sharing networks.

Deadly Ransomware – Spread

Allegedly, Deadly ransomware may spread via a malicious executable which contains an exploit kit or a .js file containing JavaScript. These files may be spread via a malicious e-mail attachment or fake setups uploaded online. Another form of spreading the files is via fake websites that advertise them as helpful software or free setups. In addition to this, the virus may also spread via other methods, such as malicious URLs spammed on social media, on forums and elsewhere. To cause a successful infection, cyber-criminals such as the ones behind Deadly ransomware could use several different tools, like spam bots, malware obfuscators, injectors, file joiners and others, depending on which method they have decided to spread the malware with. This is why it is advisable to use a non-commercial advanced anti-malware solution which has active shields in real time and will stop such attacks in their tracks.

Deadly Ransomware – More Information About the Virus

Deadly Ransomware is a threat that may act in a file-less manner via JavaScript and immediately get to the point of encrypting the files on the infected computer. The virus may begin to look for widely used types of files, such as:

  • Videos.
  • Images.
  • Audio files.
  • Documents.
  • Files associated with programs the user has installed.

Deadly ransomware renders the files unusable by encrypting them with the AES-256 algorithm. This changes the structure of the files, so that no program can open them any longer. When such a file is opened, Windows begins to look for the proper software to open it with.
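An added triage example, not code from the original article or from any vendor tool: because encryption replaces a file's recognisable header with ciphertext, a recovery inventory can flag files whose leading bytes no longer match their extension and whose content is close to random. The `MAGIC` table, the 7.5 bits-per-byte threshold and the sample files built in `demo()` are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

# Leading magic bytes for some file families the article lists (assumed, not exhaustive).
MAGIC = {
    ".jpg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".pdf": [b"%PDF-"],
    ".docx": [b"PK\x03\x04"],
    ".mp3": [b"ID3", b"\xff\xfb"],
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(path: str, sample: int = 65536, threshold: float = 7.5) -> str:
    """'ok', 'suspect' (wrong header, low entropy) or 'likely-encrypted'."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(sample)
    # Header first: JPEG/DOCX/MP3 are compressed, so entropy alone misfires.
    if any(head.startswith(m) for m in MAGIC[ext]):
        return "ok"
    return "likely-encrypted" if entropy(head) >= threshold else "suspect"

def scan(root: str) -> dict:
    """Map each known-type file under root to its verdict."""
    paths = (os.path.join(d, f) for d, _sub, fs in os.walk(root) for f in fs)
    return {os.path.relpath(p, root): classify(p) for p in paths
            if os.path.splitext(p)[1].lower() in MAGIC}

def demo() -> dict:
    # Three constructed sample files written to a temporary directory.
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0" + os.urandom(4096),  # intact header
        "report.pdf": os.urandom(4096),  # stands in for AES ciphertext
        "notes.docx": b"plain text under a wrong name " * 50,  # low entropy
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

Run `scan()` against a read-only copy or image of the affected drive, so that the originals stay untouched for later recovery attempts.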


After the encryption process has completed, the Deadly virus drops its ransom note with a long and detailed demand towards the victim:

→“Your files have been safely encrypted on this PC: photos, videos, documents, etc. Click “Show encrypted files” Button to view a complete list of encrypted files, and you can personally verify this. Encryption was produced using a unique public key AES-256 generated for this computer. To decrypt files, you need to obtain the private key. The only copy of the private key, which will allow you to decrypt your files is located on a secret server on the Internet; the server will eliminate the key after a time period specified in this window. Once this has been done, nobody will ever be able to restore files… To decrypt the file you will need to send $500 USD in the form of BTC to the following bitcoin address:
{Payment Information}
After payment contact {e-mail} with your transaction details and “USER ID.” Once the payment is confirmed you will receive decryption key along with decryption software. Any attempt to remove or corrupt this software will result in immediate elimination of the private key by the server. Beware.”

Judging by the ransom note, the cyber-criminals threaten to destroy the decryption keys if the infection is eradicated from the computer. This is not always the case, and paying the cyber-criminals may not solve the problem or decrypt your files either. Furthermore, the note does not have a specific e-mail for contact, which immediately indicates that this ransomware is being sold online in the deep web as a service and may be used by many ransomware operators who paid for it. Infections are expected to rise in the future.

Remove Deadly Ransomware and Restore Encrypted Files

To remove Deadly ransomware, we strongly recommend that you follow our removal instructions below. In case you have a hard time locating the ransomware or believe it has not created any permanent files or objects on the computer, malware researchers recommend scanning your computer for malware. The best method to do this is to use an advanced anti-malware program which will detect any files encrypted by this virus and eradicate them completely.

Just like with other non-decryptable viruses, at the moment there is no free way to decrypt files that have been encoded by Deadly Ransomware. However, there are alternative methods that may help you recover your files partially. We have mentioned some of those methods in step “2. Restore files encrypted by Deadly” below and strongly advise you to attempt them, even though they are not 100% guaranteed to restore every file.

Image Source: @MalwareHunterTeam (Twitter)


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
