
Remove Death Bitches Ransomware and Restore Encrypted Files

This article aims to help you remove Death Bitches virus from your computer and to try and restore the encrypted files.

Yet another ransomware variant has been detected in the wild, calling itself Death Bitches. The virus most likely uses either the AES or the RSA encryption algorithm to encode the files on the computers it has compromised. The virus also aims to drop a ransom note that informs the user of his misfortune and of the fact that he has to pay 1.5 BTC to get back the files encrypted by Death Bitches ransomware.

Threat Summary

Name: Death Bitches
Type: Ransomware
Short Description: Ransomware virus, which encrypts the files on the compromised computer and then leaves a mocking ransom note.
Symptoms: Instructions named Death Bitches pop-up demanding 1.5 BTC from the victim to pay to get the files back. Payment not advisable.
Distribution Method: Via an Exploit kit, Dll file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Detection Tool: See If Your System Has Been Affected by Death Bitches (Malware Removal Tool)
User Experience: Join our forum to Discuss Death Bitches.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

How Death Bitches Virus Infects

Death Bitches ransomware may use a technique similar to the Angry Duck ransomware. One of those tricks is to use phishing e-mails that pretend to be from a legitimate source, but in fact may contain a malicious web link in the form of a fake button, such as a fake LinkedIn invite.

Other forms of replication may include the use of malicious JavaScript in combination with malware obfuscators and exploit kits to spread the malware via a malicious e-mail attachment or a file sent via chat software or social media.

Death Bitches – What Happens After Infection

When the user clicks on a malicious URL or opens a malicious file, the virus may drop files in key Windows folders, like the following:

  • %Local%
  • %Roaming%
  • %AppData%
  • %User’s Profile%

Furthermore, more files, like the ransom note of Death Bitches ransomware, may be dropped in the %Startup% folder, to run every time Windows starts. In addition to this, the ransomware may also insert maliciously configured registry objects in the Windows Registry with the purpose of running the encryption on Windows boot.
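To review the persistence locations described above, the following read-only PowerShell inventory lists the standard Run/RunOnce registry keys and the Startup folders and marks entries worth a closer look. It is an added example, not part of the original article or any vendor tool; the "Review" heuristics (targets under user-writable folders, non-shortcut files in Startup) are assumptions and are not indicators specific to Death Bitches.

```powershell
# Added example: read-only inventory of autorun locations for manual review.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$startupDirs = [Environment]::GetFolderPath('Startup'),
               [Environment]::GetFolderPath('CommonStartup')

# Heuristic (assumption): autoruns launching from user-writable folders deserve review.
$writableRoots = @($env:USERPROFILE, $env:TEMP, $env:PUBLIC) | Where-Object { $_ }

function Test-UserWritablePath {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    foreach ($root in $writableRoots) {
        if ($expanded.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

$report = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            $command = [string]$regKey.GetValue($name)
            [pscustomobject]@{
                Location = $key; Name = $name; Target = $command
                Modified = $null
                Review   = Test-UserWritablePath -Command $command
            }
        }
    }
    foreach ($dir in $startupDirs) {
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($file in Get-ChildItem -LiteralPath $dir -File -Force) {
            [pscustomobject]@{
                Location = $dir; Name = $file.Name; Target = $file.FullName
                Modified = $file.LastWriteTime
                # Shortcuts and desktop.ini are normal here; other file types are unusual.
                Review   = ($file.Extension -ne '.lnk' -and $file.Name -ne 'desktop.ini')
            }
        }
    }
)
$report | Sort-Object -Property Review -Descending | Format-Table -AutoSize -Wrap
```

A "Review" value of True only means the entry should be checked by hand; many legitimate programs also start from the user profile.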

If the file belonging to Death Bitches virus is executed, it may insert malicious code in legitimate Windows processes to allow the uninterrupted encryption of often-used videos, music, documents and other types of files. Amongst the many files encrypted by Death Bitches may be the following:

→ “.PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX .INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD .SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG .CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG” Source: fileinfo.com

After the encryption takes place, the files encoded can no longer be opened. Death Bitches then displays the following ransom note:

“Death Bitches
You have achieved something
You just got my little brand new ransomware
Anyways, lets talk about your files and PC
Your files are crypted with strong encryption that is literally uncrackable
Pay 1.5 BTC and I am going to decrypt your files.
Death, be not proud though some have called thee.
Mighty and dreadful, for thou art not so;
*You have got 47 hours to make a payment. If time is up, the your data is going to be deleted.”

Remove Death Bitches Ransomware and Restore Encrypted Files

Malware researchers advise not to pay any form of ransom and instead to focus on removing this virus from your computer. Since it heavily modifies multiple different aspects of an infected machine, the advice is to follow the removal instructions below. In case you lack experience in dealing with registries and files created by malware, we advise using an advanced anti-malware program which will safely erase the malicious traces of Death Bitches ransomware from your computer.

After having removed Death Bitches virus, you may want to wait until a free decryptor is released and save the encrypted files in several copies. We will update this article if a decryptor is released, which is why we suggest that you check back regularly. In the meantime, as a temporary solution, it is recommended to try the alternative file restoration methods on copies of the encrypted files. They are located below in step “2. Restore files encrypted by Death Bitches” and are no guarantee that you will restore all your files, but may work for at least some of them.

Manually delete Death Bitches from your computer

Note! Important notice about the Death Bitches threat: Manual removal of Death Bitches requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Death Bitches files and objects
2. Find malicious files created by Death Bitches on your PC

Automatically remove Death Bitches by downloading an advanced anti-malware program

1. Remove Death Bitches with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by Death Bitches
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
