DeathRansom (Chaos) Ransomware

The DeathRansom Ransomware targets the data of its victims with a strong cryptographic algorithm and renders it unusable. Numerous file types can be impacted by the threat, including documents, PDFs, databases, archives, and more. This particular ransomware threat is part of the Chaos malware family and should not be confused with a previously detected malware with the same name.

Upon being executed on the infected devices, DeathRansom (Chaos) Ransomware was observed encrypting files and appending their filenames with an extension compromising of four random characters. For instance, a file named '1.jpg' was changed to '1.jpg.888b' and '2.png' became '2.png.tv62.'

As part of the ransomware attack, the DeathRansom threat also created a ransom-demanding message named 'read_it.txt' and changed the victim's desktop wallpaper. The purpose of the message is to inform the victim that their files have been encrypted and demand a ransom payment in exchange for the decryption key.

DeathRansom Victims Are Told to Pay the Attackers a Ransom Using the Roblox game currency

The ransom note generated by the DeathRansom (Chaos) ransomware program informs the victim that their files have been encrypted and lists instructions on how to decrypt the data. The victim is instructed to contact the attackers via email and send them a Roblox gift code as payment. Once the payment is made, the victim is promised to be sent the decryption tool. It is worth noting that the ransom amount specified in the program's wallpaper is a 25 USD gift card worth 2,200 Robux, which is the in-game currency of the Roblox online game platform.

Based on extensive research into ransomware infections, it is usually impossible to recover encrypted files without the cybercriminals' invovement. There are only a few exceptions, such as cases where the ransomware threat is deeply flawed. Additionally, even when the ransom is paid, victims commonly do not receive the decryption tools. Therefore, it is strongly advised against meeting the ransom demands, as doing so would support this illegal activity.

Take Precautions To Protect Your Devices and Data from Ransomware Attacks

To protect their data from ransomware threats, users can take several security measures. Firstly, they should regularly backup their important data on an external hard drive or a cloud storage service, as this can help them recover their data in the event of a ransomware attack.

Installing a security anti-malware solution and keeping it up-to-date is paramount. This will help to detect and remove ransomware programs before they can encrypt the files.

Users should also avoid opening suspicious email attachments or clicking on links from unknown sources. They should also be wary of downloading software from untrusted websites, as this is a common way for ransomware to enter a user's system.

Lastly, users should educate themselves on the latest ransomware threats and keep themselves informed about best practices for cybersecurity. By being vigilant and taking these security measures, users can mitigate the risk of falling victim to a ransomware attack.

The full text of the threat's ransom note is:

Whoops, DeathRansom locked your files!
Yi=
You can unlock your files by:

Email deathpoppyclient@gmail.com.

Sending a roblox gift code to the email.

We will send you the decryptor.
IF NO REPLY CHECK YOUR SPAM OR JUNK FOLDER!
if not paid i will reset this pc
For now, your files are with ME!
MALWARE BY DEATHPOPPY
2345567788888 isnt e code dont try it