DeathRansom, one of the newest ransomware variants, had a questionable start to its campaign, but researchers believe the ransomware is now capable of encrypting files on victims’ computers. Previously, the ransomware only pretended to encrypt the files on victims’ computers and actually just renamed them. Victims merely had to remove the .wctc extension that was added to the files and they would become usable again. Around November 20th, the ransomware was seen properly encrypting the files on victims’ computers. At the same time, a surge appeared on ID Ransomware, a ransomware identification website. The surge is a sign that more samples of the ransomware were being uploaded to the website. The distribution method is not currently known, and the initial surge seems to have slowed, but there is still a steady trickle of new victims being found.