Deathfiles Ransomware

Deathfiles Ransomware Description

The Deathfiles Ransomware is a file-locking Trojan that's a variant of the MedusaLocker Ransomware family. Besides changing its extensions and other semi-superficial details, the Trojan is a conventional family member, specializing in locking the user's media files by encrypting them. Sufficiently secured backups offer appropriate recovery options for all victims, and most security products should remove the Deathfiles Ransomware.

Death to Files Strikes from Less-Anticipated Places

Although many families of file-locking Trojans are active in 2021, most of them were similarly prolific throughout the preceding year. One exception, the MedusaLocker Ransomware, is the progenitor of a new threat of this type for January. Although the Deathfiles Ransomware has fewer relatives than most comparable cases, its data-locking encryption works no worse than that of a Dharma Ransomware or a Xorist Ransomware variant.

The Deathfiles Ransomware, confusingly similar in name to another family member, the Deadfiles Ransomware, is compatible with most Windows OS versions. The locking feature it uses for stopping files from opening is AES and RSA-based and converts formats such as documents, pictures and other media. There are no free decryption applications for reversing this file damage. Even worse, the MedusaLocker Ransomware's threat actors (see also the Best Recovery Ransomware, the Decrypme Ransomware or the Support Ransomware) are unreliable negotiators.

The Deathfiles Ransomware keeps the family characteristic of appending a campaign-specific extension, such as 'deathfiles,' to the files' names. It also may bypass UAC-related security features and delete the user's Restore Points. Lastly, malware researchers see the Deathfiles Ransomware dropping family-standard HTML ransom notes that ask for money for their recovery help and warn of leaking the data to the public in no-payment scenarios. The latter is growing more standard among file-locking Trojans of different families and shows that Black Hat businesses like the NEFILIM Ransomware are 'hedging their bets' to reasonable success against non-compliant targets.
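As an added example (not from the original article or from any vendor's tooling), the following defender-side heuristic flags the extension-appending behavior described above. It goes beyond the 'deathfiles' case to any extension appended in bulk; the event tuple format, thresholds, paths and process IDs are constructed assumptions.

```python
from collections import defaultdict
import ntpath

# Constructed sample rename events: (epoch seconds, process id, old path, new path).
# The tuple layout is an assumption about how endpoint telemetry has been normalized.
SAMPLE_EVENTS = [
    (100, 4312, r"C:\Users\a\Docs\budget.xlsx", r"C:\Users\a\Docs\budget.xlsx.deathfiles"),
    (101, 4312, r"C:\Users\a\Docs\notes.docx", r"C:\Users\a\Docs\notes.docx.deathfiles"),
    (101, 4312, r"C:\Users\a\Pics\cat.jpg", r"C:\Users\a\Pics\cat.jpg.deathfiles"),
    (102, 4312, r"C:\Users\a\Pics\dog.png", r"C:\Users\a\Pics\dog.png.deathfiles"),
    (103, 4312, r"C:\Users\a\db\shop.sqlite", r"C:\Users\a\db\shop.sqlite.deathfiles"),
    (104, 880, r"C:\Users\a\Docs\draft.txt", r"C:\Users\a\Docs\draft.txt.bak"),
    (500, 880, r"C:\Users\a\Docs\old.txt", r"C:\Users\a\Docs\old.txt.bak"),
]

def appended_extension(old_path, new_path):
    """Return the suffix added after the full original name (lowercased), or None."""
    old_name = ntpath.basename(old_path).lower()
    new_name = ntpath.basename(new_path).lower()
    same_dir = ntpath.dirname(old_path).lower() == ntpath.dirname(new_path).lower()
    if same_dir and new_name.startswith(old_name + ".") and len(new_name) > len(old_name) + 1:
        return new_name[len(old_name) + 1:]
    return None

def find_mass_append(events, window=60, min_files=5, min_types=3):
    """Flag (pid, extension) pairs that append one extension to many file types quickly."""
    hits = defaultdict(list)  # (pid, appended ext) -> [(timestamp, original ext)]
    for ts, pid, old, new in events:
        ext = appended_extension(old, new)
        if ext:
            hits[(pid, ext)].append((ts, ntpath.splitext(old)[1].lower()))
    alerts = []
    for (pid, ext), rows in sorted(hits.items()):
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window so it never spans more than `window` seconds.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            in_window = rows[start:end + 1]
            types = {orig for _, orig in in_window}
            # Many files of unrelated types gaining the same suffix is the signal.
            if len(in_window) >= min_files and len(types) >= min_types:
                alerts.append({"pid": pid, "extension": ext, "files": len(in_window)})
                break
    return alerts

if __name__ == "__main__":
    for alert in find_mass_append(SAMPLE_EVENTS):
        print(alert)
```

Requiring several distinct original file types keeps routine bulk operations, such as a backup tool appending '.bak' to text files, from triggering the alert.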

The Issues with Thawing Media Out of Petrification

The Deathfiles Ransomware's family is more thematically named than most examples; just like the Medusa of legend turns victims to stone, these Trojans will capture files in encryption that is often permanent. Because this family is usually secure, malware experts warn against assuming that the encryption is reversible, with or without the attacker's paid help. Users who neglect their secure backups do so at the risk of losing both recreational files and work-related content like servers' databases.

Administrators should be especially alert to vulnerabilities that might lead to Deathfiles Ransomware infections. Hackers may search for targets with weak passwords and brute-force the credentials with automated utilities. Other entrance methods usually involve platforms with publicly known vulnerabilities, which tend to be repairable by patches (WordPress's CVE-2018-20149, and others).

Current heuristics are adequate for detecting most variants of the MedusaLocker Ransomware. This pattern remains intact in this update, and users with any high-quality security solution should remove the Deathfiles Ransomware automatically, without much trouble.

Whether a gang has more or fewer members is a meaningless statistic to those confronted by a mugger. In the same way, victims of the Deathfiles Ransomware will not care how statistically low the odds are of their running afoul of this Trojan, with their files in digital stone.
