DeadSec-Crypto Ransomware

DeadSec-Crypto Ransomware Description

The DeadSec-Crypto Ransomware is an encryption ransomware Trojan that was first observed on May 18, 2017. The DeadSec-Crypto Ransomware is being used in attacks against Portuguese speakers. The DeadSec-Crypto Ransomware is typically being delivered using corrupted spam email attachments that use various social engineering tactics to lure computer users into opening the attachment. The attached files will use corrupted macros to exploit vulnerabilities in the victim's computer and download and install the DeadSec-Crypto Ransomware (the DeadSec-Crypto Ransomware will be installed to a temporary directory in the AppData folder of Windows). The DeadSec-Crypto Ransomware will run in the background after being installed, scanning the infected computer's hard drives and encrypting its contents using a strong encryption algorithm. The DeadSec-Crypto Ransomware is running as 'WindowsApplication1.exe' on the infected computers. The DeadSec-Crypto Ransomware receives its name because it displays a ransom note in the form of a program window titled 'DeadSec-Crypto Ransomware v2.1' on the infected computer.

How the DeadSec-Crypto Ransomware can Extort Computer Users

The DeadSec-Crypto Ransomware uses a combination of the RSA and AES encryptions to make the victims' data inaccessible. The DeadSec-Crypto Ransomware seems to be an independent threat project rather than belonging to a larger family of ransomware (however, it does contain various elements that may have been lifted or copied from other ransomware Trojans active today). The DeadSec-Crypto Ransomware will scan the victim's drives for user-generated files, such as video and audio files, text, databases, and files generated with software such as Microsoft Office or Adobe Photoshop. Using its encryption algorithm, the DeadSec-Crypto Ransomware will encrypt these files, making them unusable, and add the file extension '.locked' to the end of each affected files' name. Unfortunately, once a file has been encrypted by the DeadSec-Crypto Ransomware attack, it becomes unrecoverable without the decryption key. After encrypting the victim's files, the DeadSec-Crypto Ransomware will display a ransom note in the form of a program window. Below is the full text of the DeadSec-Crypto Ransomware ransom note, translated from the original in Portuguese:

'Why did I receive this?
You are a victim of a ransomware and all your data was encrypted by DeadSec all files are with .locked extension and with the SHA256SUM hash virtually impossible to recover. We have all your data including passwords, documents and files among other personal things like Cards and etc.
What to do?
You will need to donate an amount of 0.05 Bitcoins that in Reals = $ 100.00 to the address below, to donate the amount you need to buy Bitcoins with real money at: After sending the bitcoins to the address, we will confirm the transaction and send a key to your email and you will have your files and passwords.
You have the deadline: 1 Week
Key: [TEXT BOX] Address: 1Mx4Zgz5nYmFPPSUS6TbF2SfVP4xfcghBu
If you do not send the amount in 1 Week, we will leak all your data'

Dealing with a DeadSec-Crypto Ransomware Infection

PC security researchers strongly advise computer users to refrain from paying the DeadSec-Crypto Ransomware ransom. It is well documented that these people may ignore the victims' payments, demand more money, or simply reinfect the victim's computer after the payment has been made. Instead, it is important to have file backups to restore any data that has been lost in one of these attacks. Backup copies when sotred on an external memory device or the cloud allows computer users to recover their data in the event of one of these attacks and make the attack ineffective completely. Apart from file backups, it is also important to have a reliable security program that is fully up-to-date to remove the DeadSec-Crypto Ransomware infection itself and, in many cases, intercept it before it carries out its attack. Since the DeadSec-Crypto Ransomware is mostly distributed using corrupted email attachments, learning to handle this content safely is a big part of protecting your computer from these attacks.

Infected with DeadSec-Crypto Ransomware? Scan Your PC

Download SpyHunter's Spyware Scanner
to Detect DeadSec-Crypto Ransomware
* SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Site Disclaimer

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 7 + 7 ?