DeathRansom ransomware was first recorded in November 2019, but until recently it was considered a joke. According to the Fortinet [1,2] cyber-security company, DeathRansom can now encrypt files via a strong encryption framework.

Previously, DeathRansom could only pretend ransomware, without any user files being encrypted. The original versions would just apply a file extension to all user files and submit a ransom note for ransom funds.

The developers of DeathRansom only used it to force victims to pay a ransom fee and the users never knew that their files were not necessarily encrypted.

Indeed, it was pretty easy to get back file access. All they had to do was to delete the second file extension.

It seems that DeathRansom developers have continued to work on the code and the newer versions still work as true ransomware.

Fortinet notes that the current DeathRansom strains use a complex mix of the Elliptic Curve Diffie-Hellman (ECDH) key swaps, Salsa20, RSA-2048, AES-256 ECB and a simple block XOR file encrypt algorithm.


Please enter your comment!
Please enter your name here