Remove DEDCryptor Ransomware and Restore .ded Encrypted Files - How to, Technology and PC Security Forum | SensorsTechForum.com
Remove DEDCryptor Ransomware and Restore .ded Encrypted Files

A ransomware virus known by the name DEDCryptor adds the .ded (grandpa in Russian) file extension to encrypted files. The encryptor then changes the user's wallpaper to a message notifying them that their files are enciphered. The message features a vulgar photo of Santa Claus, making it all seem like a joke. However, DEDCryptor is no joke; it demands the sum of 2 BTC, which is around 700 USD, to restore the user's access. What is worse, the ransomware uses a 32-character password that is randomly generated after it encrypts the files with the Advanced Encryption Standard (AES) cipher.

Threat Summary

Name: DEDCrypt
Type: Ransomware
Short Description: The ransomware encrypts files with the AES-256 cipher and asks for a ransom payment for decryption.
Symptoms: Files are enciphered and become inaccessible. A ransom note with instructions for paying the ransom is shown as a wallpaper.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.

Users infected with DEDCryptor should be advised that there is no breakthrough in decryption so far. However, it is recommended NOT to pay the ransom of 2 BTC and instead to remove this crypto-virus and attempt to restore your files using alternative methods such as the ones posted in this article.

DEDCryptor – Spreading Methods

So far it is unclear whether DEDCryptor uses only one method to infect users or if there are more than one. Either way, infected users report seeing malicious URLs that cause browser redirects to other web links, which could contain the malware itself.

Users may see the malware featured in web links such as the one below:

[Image: spam-email-sensorstechforum]

In addition to that, DEDCryptor may be spread anywhere else such URLs can be posted – forums, comments, social media private messages, posts in groups, etc.

DEDCryptor In Depth

Once installed on the user's PC, DEDCryptor situates its payload by masking it behind different names, sometimes randomly generated, in different Windows directories, for example:

[Image: commonly-used-file-names-and-folders]

In addition to that, the DEDCryptor crypto-virus uses the following registry keys to change the wallpaper and make itself run on Windows startup:

HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
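
One way to review the keys listed above, as an added example that is not part of the original article: the script parses saved `reg query` output for the three keys, reports the current Wallpaper value, and lists Run/RunOnce values that launch from user-writable folders. The folder list and every sample value are assumptions made for illustration; a listed entry is a prompt for manual review, since legitimate software also starts from these locations.

```python
import re

# Keys named in the article.
DESKTOP = r"HKEY_CURRENT_USER\Control Panel\Desktop".lower()
CV = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
AUTORUN = {(CV + r"\Run").lower(), (CV + r"\RunOnce").lower()}
# Assumption (not from the article): user-writable locations worth a second look.
WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^ {4}(.+?) {4}(REG_[A-Z_]+) {4}(.*)$")

def parse_reg_query(text):
    """Turn `reg query <key>` output into (key, name, type, data) tuples."""
    key, rows = None, []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            rows.append((key, m.group(1), m.group(2), m.group(3)))
    return rows

def review(rows):
    """Return the wallpaper path and the autorun values that need a manual look."""
    wallpaper, flagged = None, []
    for key, name, _type, data in rows:
        if key.lower() == DESKTOP and name.lower() == "wallpaper":
            wallpaper = data
        elif key.lower() in AUTORUN and any(p in data.lower() for p in WRITABLE):
            flagged.append((key.rsplit("\\", 1)[-1], name, data))
    return wallpaper, flagged

# Constructed sample in reg.exe's layout; no value here comes from a real infection.
SAMPLE = r"""
HKEY_CURRENT_USER\Control Panel\Desktop
    Wallpaper    REG_SZ    C:\Users\alice\AppData\Roaming\wall.jpg
    WallpaperStyle    REG_SZ    10

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /silent
    qx7f2k    REG_SZ    C:\Users\alice\AppData\Local\Temp\qx7f2k.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
"""

if __name__ == "__main__":
    wallpaper, flagged = review(parse_reg_query(SAMPLE))
    print("Wallpaper:", wallpaper)
    for key, name, data in flagged:
        print(f"review {key}\\{name} -> {data}")
```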

After this, the ransomware begins to scan for different files to encrypt. Malware researchers report that files with the following extensions are affected:

.txt, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .jpg, .png, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, .psd, .dll, .lnk, .pdf

Source: Symantec

The encrypted files have the .ded file extension appended to them, for example:

New Text Document.txt.ded
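
To gauge how many files were hit before attempting a restore, the naming pattern above can be searched for directly. This added example (not from the original article) walks a folder read-only, matches names of the form <original name>.<targeted extension>.ded using the extension list quoted above, and counts them per original type; the demo file names are made up.

```python
import os
import tempfile
from collections import Counter

# Extensions the article lists as targeted (it credits Symantec for the list).
TARGETED = set(
    ".txt .doc .docx .xls .xlsx .ppt .pptx .odt .jpg .png .csv .sql .mdb "
    ".sln .php .asp .aspx .html .xml .psd .dll .lnk .pdf".split()
)
MARKER = ".ded"  # extension the ransomware appends


def inventory(root):
    """Walk root read-only and split *.ded files into pattern matches and oddities."""
    matches, odd = [], []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            stem, ext = os.path.splitext(name)
            if ext.lower() != MARKER:
                continue
            path = os.path.join(folder, name)
            if os.path.splitext(stem)[1].lower() in TARGETED:
                # (encrypted path, original file name to look for in backups)
                matches.append((path, stem))
            else:
                odd.append(path)  # ends in .ded but lacks a targeted inner extension
    return matches, odd


def by_type(matches):
    """Count affected files per original extension, to size the restore job."""
    return Counter(os.path.splitext(orig)[1].lower() for _path, orig in matches)


if __name__ == "__main__":
    # Constructed demo tree; the file names are made up for illustration.
    with tempfile.TemporaryDirectory() as root:
        for name in ("New Text Document.txt.ded", "budget.xlsx.ded",
                     "photo.JPG.ded", "notes.txt", "archive.ded"):
            open(os.path.join(root, name), "w").close()
        matches, odd = inventory(root)
        print(dict(by_type(matches)), "odd:", [os.path.basename(p) for p in odd])
```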

The encryption algorithm used by DEDCryptor ransomware has been reported to be AES-256; the ransomware generates a unique password and may send it over to the command and control (C&C) center of the cyber-criminals.

Researchers believe this to be a variant of EDA2 ransomware, suggesting the virus could have been posted for sale on deep web markets. This may generate additional profits for the creators of EDA2 ransomware and, in addition, spread the ransomware further and infect more users. Either way, experts strongly advise against paying any ransom to the cyber-criminals behind DEDCryptor, for several obvious reasons:

  • There is no guarantee you will receive your files back.
  • You support the cyber-criminals.

Remove DEDCryptor Ransomware and Try To Restore the Encrypted Files

To remove this ransomware, be advised that you should isolate the threat first. After this, it is recommended to check for any processes related to DEDCryptor which may be actively running on your computer. The files can then be deleted, as long as the user has cleaned up the registry entries. The full instructions for this can be located in the manual below.

For maximum results, experts advise using an advanced anti-malware program, which will surely take care of the threat and detect other malware as well, if present on your computer.

To restore your data, it is advisable to try using the alternatives in the instructions below. They are not 100 percent guaranteed but may restore at least a small portion of your files.


Manually delete DEDCrypt from your Mac

1. Uninstall DEDCrypt and remove related files and objects
2. Remove DEDCrypt – related extensions from your Mac’s browsers


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
