Deadnet Ransomware

Deadnet falls under the category of malicious software referred to as ransomware. During ongoing investigations into emerging malware threats, researchers came across this particular malware. Deadnet's primary function involves encrypting data and subsequently demanding payment in exchange for providing the decryption key. This ransomware locks files and appends their original names with the '.deadnet26' extension. For instance, a file initially named '1.jpg' will become '1.jpg.deadnet26' after encryption.

Once the encryption process concludes, the Deadnet Ransomware deposits a ransom note onto the affected systems. The generated note is named 'HOW_TO_BACK_FILES.html.' An analysis of the contents of this message indicates that Deadnet is primarily aimed at targeting businesses rather than individual home users. Another important fact about the Deadnet Ransomware is that it has been categorized as a variant from the MedusaLocker Ransomware family.

The Deadnet Ransomware Causes Significant Damage to the Breached Systems

The message conveyed by Deadnet's ransom demand outlines a situation where the victim's company network has suffered a breach. This breach led to the encryption of critical files utilizing the RSA and AES cryptographic algorithms. Additionally, sensitive and personal data was illicitly accessed and extracted.

The note goes on to caution against any attempts to rename or alter the files that are now inaccessible. It strongly advises against resorting to third-party recovery software as well. These actions could potentially result in data corruption, rendering it impossible to decrypt. The only viable means of decryption, as stipulated in the note, involves complying with the ransom payment. Prior to making the payment, the victim has the option to test the decryption process by sending the attackers up to three of the encrypted files for a free decryption demonstration.

The note sets a 72-hour window for the victim to establish communication with the cybercriminals. Otherwise, there will be an increase in the ransom amount. If the victim chooses not to pay, the attackers threaten that the stolen information could be exposed to the public or sold.

It's a well-established fact that in most instances of ransomware infections, the decryption process cannot be accomplished without the direct involvement of the attackers. Furthermore, even when victims adhere to the ransom demands, they often find themselves without the promised decryption tools or keys. Consequently, cybersecurity researchers strongly discourage engaging with such payment requests, as the probability of successful data recovery remains uncertain, and succumbing to the demands inadvertently supports criminal operations.

Don't Take Chances with the Security of Your Devices and Data

Safeguarding data and devices from malware intrusions requires a proactive and multi-layered approach. Here are five highly effective security practices that users can implement:

• Use Multi-Factor Authentication (MFA and Strong, Unique Passwords):

Create elaborate passwords that include a mix of upper and lower-case letters, numbers and symbols.

Avoid using easily guessable information like birthdays or common words.

Utilize a password manager oi create and store strong passwords securely.

Whenever possible, enable multi-factor authentication (MFA) for your accounts. This will increase security by requiring a second form of verification beyond just a password.

• Regular Software Updates and Patching:

Keep your operating system, applications, and security software up to date.

Regularly install security patches and updates to fix vulnerabilities that malware might exploit.

Set up automatic updates whenever possible to ensure timely protection.

• Be Cautious with Email and Downloads:

EBe very watchful when opening email attachments or clicking on links, especially from unknown or unexpected sources.

Be wary of phishing emails that attempt to trick you into revealing personal information.

Avoid downloading software, files, or media from untrusted sources or questionable websites.

• Install Reliable Anti-Malware Software:

Choose reputable and up-to-date anti-malware software.

These tools can help detect and prevent malware infections before they can cause damage.

• Regular Backups and Data Protection:

Regularly back up your data to an external device or a secure cloud storage service.

Ensure your backup is not continuously connected to your network to prevent malware from spreading to backups.

Test your backups to ensure you can successfully restore your data if needed.

These practices help establish a solid foundation for protecting your data and devices from malware threats. Remember that cyber threats are constantly developing, so staying informed about the newest security trends and being cautious in your online activities are also crucial aspects of maintaining your digital safety.

The text of the ransom note generated by the Deadnet Ransomware is:

'YOUR PERSONAL ID:

/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!

Your files are safe! Only modified. (RSA+AES)

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.

No software available on internet can help you. We are the only ones able to
solve your problem.

We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..

We only seek money and our goal is not to damage your reputation or prevent
your business from running.

You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.

Contact us for price and get decryption software.

qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion

Note that this server is available via Tor browser only

Follow the instructions to open the link:

Type the addres "hxxps://www.torproject.org" in your Internet browser. It opens the Tor site.

Press "Download Tor", then press "Download Tor Browser Bundle", install and run it.

Now you have Tor browser. In the Tor Browser open qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion

Start a chat and follow the further instructions.

If you can not use the above link, use the email:
ithelp02@securitymy.name
ithelp02@yousheltered.com

To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.'