Deadfiles Ransomware Description
The Deadfiles Ransomware is a file-locking Trojan that's from the family of the MedusaLocker Ransomware. The Deadfiles Ransomware can lock media files on the user's computer and later sell an unlocking or decryption service. Users should preserve their backups carefully for recovering and have anti-malware products accessible for removing the Deadfiles Ransomware.
Death Comes for Data Just as Easily as People
The MedusaLocker Ransomware, a minor family of Trojans that's been ransacking files for a year, is up to a new campaign with the name of the Deadfiles Ransomware. The accurately-entitled continues the monetized attacks of locking files with encryption so that they can't open, and proceeding with ransom demands after the fact. Although Windows users are most at risk from this threat, malware experts have yet to confirm the circulation channels that it's using.
The Deadfiles Ransomware's samples are out in the wild since April of 2020 and could be hidden with fake Windows files ('svhost.exe' [sic]) names temporarily while they're blocking files. The encryption routine that the Deadfiles Ransomware uses can lock various media formats in widespread use, such as most documents, pictures, text files, databases, spreadsheets, archives, and music and other audio. The Deadfiles Ransomware also adds its unique extension into their names, like most file-locker Trojans.
The Deadfiles Ransomware uses an almost-identical note for ransoming its unlocker as its nearest relatives within its family. Points for comparison include the Best Recovery Ransomware, the Decrypme Ransomware, the Support Ransomware and the VinDizelPux Ransomware. The HTML instructions are in English, give the victim an ID, and provide an e-mail (but no overt price) for buying the decryptor from the attacker. Decryption services from criminals tend to be unreliable, and malware experts suggest avoiding them, if possible.
Backup Services Showing that Some Resurrections Come Easier than Others
The Medusalocker Ransomware family is one of several Trojan groups that target corporate entities and other businesses with the potential for lucrative, ransom-based payouts. However, the Deadfiles Ransomware is similarly threatening to home users, especially those who lack backup precautions. Saving additional copies of media files to cloud services or removable devices will limit the Deadfiles Ransomware's ability to cause irreversible damage, as is usually so with threatening encryption attacks.
Business entities can reduce their endangerment from the Deadfiles Ransomware's campaign by installing security-related patches on their server infrastructure, limiting RDP and admin privileges and using strong passwords. Individuals should avoid torrents and illegal download resources, and all users should be careful around e-mail attachments and macro-bearing documents. Since no non-Windows versions of the Deadfiles Ransomware are available, users on macOS, Android and other Oses should be immune.
Although the Deadfiles Ransomware is similar to the Globe Imposter 2.0 Ransomware visually, readers should remember that they're unrelated and use separate decryption solutions.
There's no more natural way to leave your files for dead than to keep a single copy of them on a PC that's at risk from Trojans. Where threats like the Deadfiles Ransomware walk, lost content appears in their wake, but even one backup will do to keep the worst from happening.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Deadfiles Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.