DeadSec-Crypto Ransomware

DeadSec-Crypto Ransomware Description

The DeadSec-Crypto Ransomware is a Trojan that was reported by cybersecurity investigators on May 18th, 2017. The DeadSec-Crypto Trojan appears to be used in attacks on Portuguese-speaking users. The attack with the DeadSec-Crypto Ransomware is facilitated by spam emails that refer to invoices, pending bills, photos on social media and CVs. The fake documents attached to the spam emails feature a bad macro script, which handles the installation of the Trojan if the user chooses to run the macro. The DeadSec-Crypto Ransomware may be installed to a temporary folder under the AppData directory. The threat is designed to run in the background and scan the machine for a number of data containers suitable for encryption. Samples of the DeadSec-Crypto Ransomware have been seen to run as 'WindowsApplication1.exe,' which is the default name for apps created on the Microsoft Visual Studio. The name of the Trojan is derived from the program window shown to the infected user, which is titled 'DeadSec-Crypto Ransomware v2.1.'

Malware researchers classify the DeadSec-Crypto Ransomware as a low-tier encryption Trojan that is powered by the custom AES and RSA ciphers. The DeadSec-Crypto Ransomware Trojan appears to be an independent project. The authors of the DeadSec-Crypto seem to follow in the footsteps of well-documented threats like Cerber 6 Ransomware and Dhrama Ransomware. The cyber parasite at hand is reported to encipher images, presentations, spreadsheets, databases, text video, audio and PDFs. Computer users affected by the DeadSec-Crypto Ransomware might notice that their files have a new extension that reads '.locked.' For example, 'Londinium 43 AD.pptx' is renamed to 'Londinium 43 AD.pptx.locked.' Unfortunately, it is impossible to recover the data corrupted by the DeadSec-Crypto Ransomware without the proper decryption key and software. The authors of the Trojan have programmed it to display a program window, which says (translated from Portuguese):

'Why did I receive this?
You are a victim of a ransomware and all your data was encrypted by DeadSec all files are with .locked extension and with the SHA256SUM hash virtually impossible to recover. We have all your data including passwords, documents and files among other personal things like Cards and etc.
What to do?
You will need to donate an amount of 0.05 Bitcoins that in Reals = $ 100.00 to the address below, to donate the amount you need to buy Bitcoins with real money at: After sending the bitcoins to the address, we will confirm the transaction and send a key to your email and you will have your files and passwords.
You have the deadline: 1 Week
Key: [TEXT BOX] Address: 1Mx4Zgz5nYmFPPSUS6TbF2SfVP4xfcghBu
If you do not send the amount in 1 Week, we will leak all your data.

The decryption key is priced at 0.05 Bitcoin, which can be bought for 91 USD/306 BRL/82 EUR according to the conversion rates at the time of writing. Victims of the DeadSec-Crypto Trojan might consider contacting the threat authors via, but we advise against that. Ransomware operators are not people you want to negotiate with as their primary concern is collecting money and infecting more users. Even if the team behind DeadSec-Crypto Ransomware decodes a file or two for you as proof, there is no authority that can make them decipher your data after making a payment. You should not give up your money and hope that the cyber crooks would provide the decryption key. The smart approach is to erase the DeadSec-Crypto Ransomware with a trusted anti-malware utility and load backups to recover your file structure. AV vendors may flag the objects associated with DeadSec-Crypto Ransomware as:

  • Gen:Heur.Bodegun.3
  • HEUR/QVM41.1.DC32.Malware.Gen
  • ML.Attribute.HighConfidence
  • TR/Bodegun.vdzak
  • Trojan.Generic.D4BDD71
  • W32/Generic.AC.36BC4F!tr
  • Win32.Trojan.WisdomEyes.16070401.9500.9549
  • Win32/Trojan.BO.c8b
  • malicious (high confidence)
  • malicious_confidence_98% (W)

Infected with DeadSec-Crypto Ransomware? Scan Your PC for Free

Download SpyHunter's Spyware Scanner
to Detect DeadSec-Crypto Ransomware
* SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Site Disclaimer

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 14 + 6 ?