DeathRansom Ransomware

What is DeathRansom Ransomware?

The invasion of DeathRansom Ransomware might lead to the pseudo death of your personal files. This threat is capable of employing a unique algorithm to encrypt personal files, after which they are no longer readable. Although the creator of the infection does not seem to care about the files that are encrypted – in a sense that they do not read them or try to leak them online – they take the files hostage. After encryption, demands for a ransom payment are introduced to the victims, and it is claimed that victims can recover their files only if the ransom is paid. Unfortunately, there is no proof that files would be decrypted if the ransom was paid, and so Anti-Spyware-101.com researchers do not advise paying the ransom. If you did the opposite, it is likely that your files would go to waste. If you are ready to delete DeathRansom Ransomware from your operating system, check out the last section of the report that discusses the removal of this threat. If you want to learn more, continue reading.

How does DeathRansom Ransomware work?

DeathRansom Ransomware is not unlike ABCD Ransomware, Rote Ransomware, Msop Ransomware, Zobm Ransomware, and hundreds of other threats from the same category. All of these infections encrypt files, and all of them were built by cybercriminals to make money. The toughest part for this kind of malware is to invade an operating system, and the attackers have to figure out a clever way to achieve that without alerting the victim. DeathRansom Ransomware is most likely to use spam emails and RDP vulnerabilities to slither in. Obviously, if you delete spam emails without opening them, and if you patch remote access vulnerabilities, this malware should not be able to attack you, and so you really need to think about adjusting your behavior and also securing your operating system. Clearly, the removal of the dangerous ransomware is not the only thing you need to think about. Unfortunately, once you discover that your personal files were encrypted, and when the “read_me.txt” ransom note is introduced to you, you might naturally shift your focus on the state of your personal files completely.

According to our experts, two different versions of DeathRansom Ransomware exist. One of them does not add an extension to the corrupted files, while the other one does. It adds the “.wctc” extension, and that is why it is also known as Wacatac Ransomware. Both threats create a ransom note file with the same name, but the messages inside are different. The first version addresses victims as friends and informs that files were encrypted. This version gives a 12-hour ultimatum, and, according to the instructions included, victims need to send a ransom of 0.1 Bitcoin – which is around 700 US Dollars – to the 1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N Bitcoin wallet, and then send a message to the attackers (deathransom@airmail.cc) to confirm the payment. The other version states that victims need to purchase a “unique private key” if they want their files restored, and to obtain it they are instructed to email death@cumallover.me and death@firemail.cc for further instructions. We do not recommend following these instructions at all. Instead, we suggest focusing on the removal of DeathRansom Ransomware.

How to delete DeathRansom Ransomware

Some file-encryptors are not so sophisticated, and malware researchers can create free decryptors for their victims. When DeathRansom Ransomware was analyzed in our internal lab, a decryptor did not exist yet, and it is possible that it will ever exist. Although you might be unable to restore files for free, think if maybe you can replace them. More and more people use online storage services to make files easily accessible on the go. Perhaps you have the most important files stored online? Or maybe you have an external drive that you have transferred copies of your personal files to? If you have a backup, you can replace the corrupted files after you remove DeathRansom Ransomware. This might be the best-case scenario. To remove the threat, you can either eliminate the infection manually – if you can locate the launcher file – or you can employ anti-malware software. We favor the latter option because this software will also provide Windows protection, without which new threats could attack soon enough.

Removal Instructions

1. Delete the ransom note file, read_me.txt.
2. Delete the launcher file (the name/location unknown).
3. Tap Win+R keys to launch Run.
4. Enter regedit into the box to launch Registry Editor.
5. Move to HKEY_CURRENT_USER\SOFTWARE\.
6. Delete the key named Wacatac.
7. Empty Recycle Bin.
8. Install a malware scanner that you can trust.
9. Run a complete system scan and delete leftovers if any are found. Download Removal Tool100% FREE spyware scan and
   tested removal of DeathRansom Ransomware*