
Deep Ransomware

Researchers have uncovered the Deep Ransomware program, a malicious software that operates with the primary intent of encrypting files and subsequently demanding a ransom payment in exchange for the decryption key.

The Deep Ransomware functions by systematically encrypting files on the compromised device and then altering their original filenames. Each file's name is appended with a unique identifier specific to the victim, the email address of the cybercriminals responsible, and a '.deep' extension. For example, a file with the original name '1.jpg' would be transformed into '1.jpg.id[9ECFA94E-4452].[captain-america@tuta.io].deep'.

Following the completion of the encryption process, the ransomware generates ransom notes in two formats: a pop-up window labeled 'info.hta' and a text file labeled 'info.txt'. These notes are used to communicate with the victim and provide instructions on how to make the ransom payment for the decryption key. It's worth noting that Deep Ransomware belongs to the Phobos ransomware family, known for its destructive data encryption tactics and ransom demands.
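The two artifacts described above, the renamed files and the 'info.hta'/'info.txt' notes, are what an incident responder first looks for when sizing up an infection. The script below is an added example, not code from the original page or from any vendor tool: it parses the Phobos-style filename pattern into its parts (original name, victim ID, contact email, extension), counts encrypted files and detects the ransom-note file names in a listing. The regular expression assumes the ID has the 8-hex-4-hex shape of the example on this page, and the sample file list is constructed for illustration; the directory walk is read-only and renames nothing, since renaming encrypted files can hinder recovery.

```python
"""
Triage helper for Phobos-style (.deep) encryption artifacts.

Added example, not code from the original page. It assumes only the
naming pattern and ransom-note file names described above:
  <name>.id[<8 hex>-<4 hex>].[<email>].deep   and   info.hta / info.txt
The ID shape is taken from the single example on the page and may need
widening for other variants. Sample paths below are constructed.
"""
import re
from collections import Counter
from pathlib import Path

# Matches the appended suffix ".id[XXXXXXXX-XXXX].[email].deep" and
# captures the pieces a responder wants to report on.
PHOBOS_SUFFIX = re.compile(
    r"^(?P<original>.+?)"
    r"\.id\[(?P<victim_id>[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4})\]"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]"
    r"\.(?P<ext>deep)$"
)

# Ransom-note file names dropped by this variant (compared case-insensitively).
RANSOM_NOTE_NAMES = {"info.hta", "info.txt"}


def parse_encrypted_name(filename):
    """Return dict(original, victim_id, email, ext) or None if not Phobos-style."""
    m = PHOBOS_SUFFIX.match(filename)
    return m.groupdict() if m else None


def triage(paths):
    """Summarise an iterable of file paths (e.g. from a directory walk).

    Returns the number of encrypted files, the distinct victim IDs and
    contact emails seen, a histogram of the original extensions hit, and
    which ransom-note file names were present.
    """
    encrypted = []
    notes = set()
    for p in paths:
        base = Path(p).name
        if base.lower() in RANSOM_NOTE_NAMES:
            notes.add(base.lower())
            continue
        parsed = parse_encrypted_name(base)
        if parsed:
            encrypted.append(parsed)
    return {
        "encrypted_count": len(encrypted),
        "victim_ids": sorted({e["victim_id"] for e in encrypted}),
        "contact_emails": sorted({e["email"] for e in encrypted}),
        "original_extensions": Counter(
            Path(e["original"]).suffix.lower() for e in encrypted
        ),
        "ransom_notes": sorted(notes),
    }


def scan_directory(root):
    """Walk a real directory tree read-only and triage it; nothing is modified."""
    root = Path(root)
    return triage(str(p) for p in root.rglob("*") if p.is_file())


# Constructed sample listing modelled on the rename pattern described above.
SAMPLE_LISTING = [
    "C:/Users/alice/Documents/1.jpg.id[9ECFA94E-4452].[captain-america@tuta.io].deep",
    "C:/Users/alice/Documents/report.docx.id[9ECFA94E-4452].[captain-america@tuta.io].deep",
    "C:/Users/alice/Documents/info.txt",
    "C:/Users/alice/Desktop/info.hta",
    "C:/Users/alice/Desktop/notes.txt",  # untouched file, must not be counted
]

if __name__ == "__main__":
    print(triage(SAMPLE_LISTING))
```

Run it against a mounted image or a file listing exported from the affected host; a single victim ID and a single contact email across all hits is the normal result for one infection, and more than one is worth investigating as a sign of multiple intrusions or a re-encryption.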

The Deep Ransomware can Lead to Serious Consequences for Victims

The text file accompanying Deep Ransomware serves as a notification to the victim, conveying that their files have undergone encryption, and it urges them to establish contact with the attackers for the purpose of decryption.

Furthermore, a pop-up window appears to provide additional details concerning the ransomware infection. It explicitly states that the retrieval of the encrypted data will only happen after paying a ransom in Bitcoin cryptocurrency. Prior to making this payment, the victim is offered the opportunity to evaluate the decryption process by sending up to three encrypted files to the cybercriminals, subject to the conditions stated in the note (a total size under 4 MB and no valuable content such as databases or backups).

The attackers warn victims against altering the names of the encrypted files or employing third-party recovery software, as such actions may lead to permanent data loss. Moreover, the ransom note of the threat advises against seeking assistance from third parties, emphasizing that doing so can result in increased financial losses for the victim.

It is crucial to emphasize that decryption without the involvement of the attackers is typically extremely challenging, if not impossible. Moreover, even after complying with the ransom demand, victims frequently do not receive the necessary decryption keys or software. Consequently, cybersecurity experts strongly discourage victims from acceding to these demands, as there is no guarantee of successful data recovery, and complying with the criminals' requests only serves to support their illicit activities.

Use Effective Security Measures to Ensure the Safety of Your Devices and Data

Ensuring the safety of your devices and data is crucial in today's digital age where cyber threats are prevalent. Here are effective security measures users can take to protect their devices and data:

Keep Software and Operating Systems Up-to-Date: Regularly update your operating system, software applications, and antivirus programs. These updates often include security patches that address vulnerabilities.

Use Strong, Unique Passwords: Create strong passwords for all your accounts, and avoid using easily guessable information like birthdays or names. Consider using a reputable password manager to generate and store complex passwords.

Enable Two-Factor Authentication (2FA): Whenever possible, enable 2FA for your accounts. This adds an extra layer of security by requiring a second form of verification, such as a text message code or authentication app.

Be Cautious with Emails and Links: Avoid opening emails or clicking on links from unknown or suspicious sources. Be cautious of phishing emails that may try to trick you into revealing personal information.

Install and Update Security Software: Install reliable antivirus and anti-malware software on your devices and keep it updated. These programs help detect and remove malicious software.

Regular Backups: Regularly back up your important data to an external storage device or a secure cloud service, and keep that copy disconnected or otherwise out of reach of the machine it protects, since ransomware encrypts any storage it can write to. In case of data loss or a ransomware attack, you can restore your files.

Educate Yourself: Stay informed about the latest cybersecurity threats and best practices. Knowledge is a powerful defense against cyberattacks.

By implementing these security measures, users can significantly enhance the safety of their devices and data, reducing the risk of falling victim to cyberattacks and data breaches.

The ransom note shown to victims in a pop-up window is:

'All your files have been encrypted!

All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail captain-america@tuta.io
Write this ID in the title of your message -
If you do not receive a response within 24 hours, please contact us by Telegram.org account: @HostUppp
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.

Free decryption as guarantee
Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)

How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/

Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

The text file created by Deep Ransomware contains the following message:

!!!All of your files are encrypted!!!
To decrypt them send e-mail to this address: captain-america@tuta.io.
If we don't answer in 24h, send message to telegram: @HostUppp'
