DeathNote Hackers Ransomware

DeathNote Hackers Ransomware Description

The 'DeathNote Hackers' Ransomware is a file encoder Trojan that was reported on April 18th, 2017. The threat's name is derived from the custom wallpaper dropped to infected computers, which carry the title 'DeathNote Hackers. ' The same name is used by a group of hackers based in Indonesia who have a group page on Facebook. It is still not clear if the people behind the 'DeathNote Hackers' Ransomware or a rivaling team is trying to frame them. However, the 'DeathNote Hackers' Ransomware is a credible threat to users based in Southeast Asia, and reports suggest its primary targets are regular Windows OS users.

The payload of the threat may be delivered to users as a macro-enabled document, which is attached to a spam email. The 'DeathNote Hackers' Ransomware is classified as a low-tier -threat that uses the Rijndael encryption algorithm to lock data on the system. The Trojan at hand functions like the Cry9 Ransomware and it is reported to delete the Shadow Volume Copies made by Windows, as well as generate a unique encryption key. The 'DeathNote Hackers' Ransomware is programmed to scan the compromised computer for accessible storage devices and encrypt files in their entirety as opposed to encrypting the file header only. You can recognize the affected files by looking at their filenames and icons. The locked objects feature the '.fucked' extension. Thus, 'Mint Julep Rose.jpeg' is renamed to 'Mint Julep Rose.jpeg.fucked' and has a generic white icon. The 'DeathNote Hackers' Ransomware is likely to encrypt data in the following formats:


As stated above, the 'DeathNote Hackers' Ransomware changes the desktop background to a custom image that says 'DeathNote Hackers' and includes a man in a black hoodie wearing a dark mask with a white skull pattern. The Trojan generates a small program window that acts as the ransom request, which says:

'Your Computer files is encrypted
all files is encrypted witch extremely
powerfull new RIJINDAEL encryption
that no one can break except you have
a private string and IVs
To Decrypt Your File You Should Pay Me
0.5 BTC
Enter your code here: [TEXT BOX]'

Fortunately, cyber security researchers were able to break the encryption mechanism so that compromised users might want to input the code '83KYG9NW-3K39V-2T3HJ-93F3Q-GT' (without the quotes) in the textbox mentioned above. You may not need to consider paying the 0,5 Bitcoin (604 USD/564 EUR) requested by the Trojan. However, the authors of the threat may release an updated version where they have addressed the vulnerability in their initial product release. The 'DeathNote Hackers' Ransomware may not be as sophisticated as the NotAHero Ransomware but it is a threat that you should take into consideration, and you may want to set up proper defenses. It is best to incorporate a reliable backup manager to secure your files, and you may want to add a trusted anti-spyware tool to your OS that can recognize unsafe links and objects that may be used by the 'DeathNote Hackers' Ransomware.

Infected with DeathNote Hackers Ransomware? Scan Your PC for Free

Download SpyHunter's Spyware Scanner
to Detect DeathNote Hackers Ransomware
* SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Site Disclaimer

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 8 + 2 ?