What is Dedcryptor Ransomware?
Dedcryptor Ransomware is a new computer infection that is based on EDA2, which is known to be the open-source ransomware code. Dedcryptor Ransomware acts exactly like other ransomware infections, i.e. it sneaks onto the computer without permission and then locks all the files it manages to find. It does that because it seeks a ransom. You should not transfer your money to cyber criminals that hide behind Dedcryptor Ransomware even though it might seem that it is the only and the quickest way to unlock files. You will find out why we think so if you read the report. Of course, you should carefully read it not only because of that. Specialists working at anti-spyware-101.com will also tell you how to remove the ransomware infection from the system and whether it is really necessary to do that in the article.
What does Dedcryptor Ransomware do?
The main symptom that Dedcryptor Ransomware has found a way to your computer is a bunch of encrypted personal files on your system. It has been observed that files this infection encrypts have the .ded extension, so it will not be hard to understand that Dedcryptor Ransomware locks files containing such filename extensions as .pptx, .odt, .sql, .mdb, .sln, .php, .html, .xml, .psd, .dll, .lnk, and .pdf. Unfortunately, this Trojan uses the AES-256 cipher to lock files, which means that only cyber criminals know the private key that can help to unlock files.
Once Dedcryptor Ransomware finishes encrypting files stored on the computer, it puts the .png (ded.png) picture in %USERPROFILE%. Also, this picture is set as a Desktop background and opened for the user in order to make sure that he/she really notices it. Ded.png itself is a ransom note that contains the text in Russian and English, which shows that Dedcryptor Ransomware wants to reach people living in different countries. The picture informs users that their files have been encrypted and they have to pay 2 Bitcoins within 24 hours to gain access to files. Users are not informed in a detailed way how to do that; however, they are told to contact cyber criminals by writing an email to dedcrypt@sigaint.org, so it is very likely that users will get an answer with instructions. If you are not going to pay money to cyber criminals, you should not bother writing an email because it will be just a waste of time.
Users who do not pay a ransom Dedcryptor Ransomware demands might still have a chance to decrypt files free of charge. According to specialists, it is very likely that IT specialists will create the decryptor in the future and will share it with users. In addition, you do not even need a decryptor if you have copies of your major files on a USB flash drive, external hard drive, or another device. As you have probably already understood, it is very important to backup files periodically in order to be able to recover them in the case of the malware attack.
Where does Dedcryptor Ransomware come from?
Dedcryptor Ransomware does not differ from other well-known ransomware infections, e.g. 7h9r Ransomware, Centurion_Legion Ransomware, and other threats in the sense that it also comes as an attachment in spam emails. In this case, Dedcryptor Ransomware pretends to be the file of the legitimate antivirus Kaspersky, which explains why users open the file without hesitation. Fortunately, the file does not make copies of itself once it is launched. In addition, it should delete itself after the encryption process is finished. Of course, in some cases, it might stay on the system, so we have still prepared the removal instructions for you (see below the article).
How to remove Dedcryptor Ransomware
It will be easy to remove Dedcryptor Ransomware from the system because you will only need to remove the ded.png image from %USERPROFILE%. The malicious .exe file you have launched should erase itself; however, you should still check your Downloads folder. If you find it, delete it immediately. Security specialists say that it would also be clever to scan the system with an automatic scanner in order to eliminate all other existing threats. We suggest using the SpyHunter antimalware scanner for this matter because we know that it will really help you. The scanner can be easily downloaded from our website. Click on the Download button you find below.
Remove Dedcryptor Ransomware manually
- Locate the malicious .exe file you have downloaded, right-click on it, and select Delete.
- Open the Windows Explorer (Win+E).
- Enter %USERPROFILE% into the address bar and tap Enter.
- Find ded.png and remove it.
- Empty the Recycle bin.
tested removal of Dedcryptor Ransomware*
0 Comments.