DEDCryptor Ransomware

By GoldSparrow in Ransomware

The DEDCryptor Ransomware is a variant of the EDA2 Ransomware. The DEDCryptor Ransomware is an effective ransomware Trojan that is designed to force computer users to pay large amounts of money to recover their files after they have been encrypted. Ransomware Trojans like the DEDCryptor Ransomware are especially threatening because, in most cases, computer users cannot recover their files after they have been encrypted without paying for a decryption key that is in the hands of the people responsible for the attack. To prevent DEDCryptor Ransomware attacks, malware researchers recommend that computer users avoid opening unsolicited email attachments or visiting file sharing networks or other high-risk online locations.

The Santa Claus that will Try to Defraud Its Victims

The DEDCryptor Ransomware uses AES-256 encryption to encrypt the victim's files, with a secure 32-character password that is unique for each infected computer. Whenever the DEDCryptor Ransomware encrypts a file, it appends the extension '.DED' to the encrypted file. The DEDCryptor Ransomware displays an image of an evil-looking Santa Claus figure on the victim's desktop. Curiously, the DEDCryptor Ransomware does not leave behind a ransom note, apart from the desktop message, which is written in Russian. The DEDCryptor Ransomware encrypts files with the following extensions:

.txt, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .jpg, .png, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, .psd, .dll, .lnk, .pdf.

Unfortunately, once a file has been encrypted by the DEDCryptor Ransomware, it may not be possible to decrypt the file without access to the decryption key. Because of this, the best way to deal with the DEDCryptor Ransomware is to take preventive measures and ensure that all files are fully backed up on an external memory device.
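
A triage sketch for the behaviour described above, added here as an example (not code from the original article or from any vendor tool). It walks a directory tree, lists files carrying the appended '.DED' extension over one of the listed file types so they can be looked up in a backup, and counts targeted files that have not been renamed. The `<name>.<ext>.DED` naming form, case-insensitive matching, and all function names are assumptions.

```python
import os
import tempfile
from collections import Counter

# Extensions the article lists as targeted by DEDCryptor.
TARGETED = {
    ".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt",
    ".jpg", ".png", ".csv", ".sql", ".mdb", ".sln", ".php", ".asp",
    ".aspx", ".html", ".xml", ".psd", ".dll", ".lnk", ".pdf",
}
MARKER = ".ded"  # appended extension, compared case-insensitively (assumption)


def classify(name):
    """Return ('encrypted', ext) for <name>.<targeted ext>.DED, ('at_risk', ext)
    for an unrenamed targeted file, or (None, None) for anything else."""
    lower = name.lower()
    if lower.endswith(MARKER):
        inner = os.path.splitext(lower[: -len(MARKER)])[1]
        return ("encrypted", inner) if inner in TARGETED else (None, None)
    ext = os.path.splitext(lower)[1]
    return ("at_risk", ext) if ext in TARGETED else (None, None)


def triage(root):
    """Walk root; return original paths to restore and per-extension counts."""
    restore, counts = [], {"encrypted": Counter(), "at_risk": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            state, ext = classify(name)
            if state is None:
                continue
            counts[state][ext] += 1
            if state == "encrypted":  # strip marker to get the backup lookup path
                restore.append(os.path.join(dirpath, name)[: -len(MARKER)])
    return sorted(restore), counts


def demo():
    """Constructed sample tree: two encrypted files, one untouched, two ignored."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel in ("docs/report.docx.DED", "docs/budget.xlsx.ded",
                    "docs/notes.txt", "docs/video.mp4", "docs/archive.DED"):
            open(os.path.join(root, rel), "w").close()
        restore, counts = triage(root)
        return [os.path.relpath(p, root).replace(os.sep, "/") for p in restore], counts


if __name__ == "__main__":
    print(demo())
```

Run `triage()` against a mounted copy of the affected drive rather than the live system, and compare the returned paths against the backup inventory before restoring.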

How the DEDCryptor Ransomware Carries out Its Attack on a Computer

The DEDCryptor Ransomware uses an attack strategy that is similar to most other ransomware threats. In most cases, the DEDCryptor Ransomware is delivered in a corrupted email attachment that may use social engineering to induce less experienced computer users into opening the file attachment. Once the DEDCryptor Ransomware has been installed on the victim's computer, it carries out the following tasks:

  • The DEDCryptor Ransomware establishes a connection with its Command and Control server. Through this connection, the DEDCryptor Ransomware obtains instructions for encryption and relays information about the infected computer and the encryption process.
  • The DEDCryptor Ransomware makes changes to the Windows settings that allow the DEDCryptor Ransomware to run automatically when Windows starts up.
  • The DEDCryptor Ransomware initiates the encryption process by searching all drives for files matching the extensions listed above. It is extremely important to disconnect a computer infected with the DEDCryptor Ransomware from a network immediately, to prevent the DEDCryptor Ransomware infection from spreading throughout a network.

Preventing DEDCryptor Ransomware Attacks and Protecting Your PC from Other Threats

It is essential to take preventive steps to ensure that the DEDCryptor Ransomware cannot enter your computer. To do this, PC security researchers strongly advise computer users to follow good security practices such as avoiding unsolicited email attachments and websites that may be regarded as unsafe. One step that nullifies the DEDCryptor Ransomware and similar attacks completely is to ensure that all files are backed up on an external device or the cloud. When all computer users can recover their files by restoring them from a backup, attacks like the DEDCryptor Ransomware will become completely ineffective.

Apart from backing up files and following good security practices, a good anti-virus program that is fully up-to-date can detect the DEDCryptor Ransomware and prevent it from being installed on a computer. An anti-spam filter can prevent email messages delivering the DEDCryptor Ransomware from landing in the victim's inbox, and a good firewall can prevent the DEDCryptor Ransomware from communicating with its Command and Control server, or spreading throughout a network. In the case of all ransomware Trojans, prevention is essential, since files may not be recovered once the DEDCryptor Ransomware has been removed.
