
Deadfiles Ransomware

Posted: August 6, 2020

The Deadfiles Ransomware is a file-locking Trojan from the MedusaLocker Ransomware family. The Deadfiles Ransomware locks media files on the user's computer so that its operators can later sell an unlocking or decryption service. Users should preserve their backups carefully for recovery and have anti-malware products accessible for removing the Deadfiles Ransomware.

Death Comes for Data Just as Easily as People

The MedusaLocker Ransomware, a minor family of Trojans that's been ransacking files for a year, is running a new campaign under the name of the Deadfiles Ransomware. The accurately-titled Trojan continues the monetized attacks of locking files with encryption so that they can't open, and follows up with ransom demands. Although Windows users are most at risk from this threat, malware experts have yet to confirm the circulation channels that it's using.

Samples of the Deadfiles Ransomware have been in the wild since April of 2020 and may temporarily hide behind fake Windows file names ('svhost.exe' [sic]) while they're blocking files. The encryption routine that the Deadfiles Ransomware uses can lock various media formats in widespread use, such as most documents, pictures, text files, databases, spreadsheets, archives, and music and other audio. The Deadfiles Ransomware also adds its unique extension to their names, like most file-locker Trojans.

The Deadfiles Ransomware uses an almost-identical note for ransoming its unlocker as its nearest relatives within its family. Points for comparison include the Best Recovery Ransomware, the Decrypme Ransomware, the Support Ransomware and the VinDizelPux Ransomware. The HTML instructions are in English, give the victim an ID, and provide an e-mail (but no overt price) for buying the decryptor from the attacker. Decryption services from criminals tend to be unreliable, and malware experts suggest avoiding them, if possible.

Backup Services Showing that Some Resurrections Come Easier than Others

The MedusaLocker Ransomware family is one of several Trojan groups that target corporate entities and other businesses with the potential for lucrative, ransom-based payouts. However, the Deadfiles Ransomware is similarly threatening to home users, especially those who lack backup precautions. Saving additional copies of media files to cloud services or removable devices will limit the Deadfiles Ransomware's ability to cause irreversible damage, as is usually so with threatening encryption attacks.

Business entities can reduce their exposure to the Deadfiles Ransomware's campaign by installing security-related patches on their server infrastructure, limiting RDP and admin privileges and using strong passwords. Individuals should avoid torrents and illegal download resources, and all users should be careful around e-mail attachments and macro-bearing documents. Since no non-Windows versions of the Deadfiles Ransomware are available, users on macOS, Android and other OSes should be immune.

Although the Deadfiles Ransomware is similar to the Globe Imposter 2.0 Ransomware visually, readers should remember that they're unrelated and use separate decryption solutions.

There's no more natural way to leave your files for dead than to keep a single copy of them on a PC that's at risk from Trojans. Where threats like the Deadfiles Ransomware walk, lost content appears in their wake, but even one backup will do to keep the worst from happening.
