This virus, DeathRansom has previously been infamous for just modifying the extensions as .wctc. Back then, no one seemed this could be potentially harmful. But now, it learned to encrypt files and is asking for ransom (in terms of Bitcoins) from victims to obtain the private key. The private key is the only way to decrypt files from it and is obtainable from the hacker. Experts are assuming it to be distributed by general means of spam emails and attachments. As sourced from victims, the attacker has mentioned his email to be contacted as [email protected]@firemail.cc to obtain the private key for unlocking. @GrujaRS shared the ransom note on Twitter as
— Cyber Security (@GrujaRS) November 19, 2019
The Ransom Note
Maybe, the maker of this virus is interested in fixing a variable price for everyone. He defines no exact value for unlocking but leaves an email address for contacting him. This note is followed by a lock ID (users encrypted files ID) and the process of obtaining Bitcoins to pay. He even warned victims not to delete files or try decrypting them. If did, may result in the whole system turning corrupted. The bad thing here is, the cryptography mechanism used in this Deathransom is not understood yet. Some victims tried understanding it and resulted as algorithms to be AES and RSA. Yet, there’s no official confirmation from anybody. By far, the virus is said to be as harmful as others and is expected to affect others gradually.
