A new ransomware outbreak has gone to great lengths to "promote" Bitcoin

Source: Shallot Blockchain

The Bitcoin ransomware named DeathRansom was almost a laughing stock in its early days, because infected users found that its file-locking logic was very crude: it simply added a ".wctc" extension to the original file name, and the user only needed to delete this extension to restore the file to normal use. About a week ago, however, this ransomware that had been regarded as a "joke" showed signs of re-emerging. When infected users tried to delete the extension, they found that the virus had evolved significantly: the locked files were now fully encrypted without any change to their names, and the effects of the ransomware could no longer be undone by simple methods.

Since November 20, the number of infection submissions related to "DeathRansom" on a ransomware identification website has skyrocketed. Although submissions declined in the days following the outbreak on November 20, a considerable number of "new victims" have appeared every day over the past week. This has put the market on alert, as it most likely means that the ransomware is still being actively distributed.

So far, however, no security agency has explicitly explained through which channels the ransomware is distributed, or how it spreads.

On this question, some netizens found that submission records on Reddit and ID-Ransomware show that many victims infected by DeathRansom had also recently been infected by another ransomware, STOP Ransomware. Because the STOP virus is distributed only through software bundling, DeathRansom may be distributed in a similar manner.

As with earlier Bitcoin ransomware, when a user is infected by DeathRansom the virus deletes the system backup and then encrypts all files on the infected computer, not just system files. In addition, the current version of DeathRansom does not add an extension to an encrypted file: the file keeps its original name, but its data is encrypted.

Currently, the only way to identify a file encrypted by DeathRansom is the code ABEFCDAB, which appears at the end of the encrypted file.

In each folder that contains encrypted files, the ransomware creates a document named read_me.txt containing the unique "LOCK-ID" of the infected computer and an email address for contacting the ransomware's developer or agent. Security companies have started analyzing this ransomware, but so far no company or team has announced or published a decryption method.

What is "interesting" is that, to make sure "victims" can successfully pay in Bitcoin, the document created by the ransomware also contains instructions on how to buy Bitcoin, links to LocalBitcoins, a cryptocurrency OTC platform, and even a link to a popular-science article on Bitcoin published by Coindesk. Some netizens joked that the team behind the DeathRansom virus could be called the "industry conscience" for promoting Bitcoin.
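A triage sketch for the indicators described above (an added example, not part of the original article): it walks a directory tree and flags files ending in the ABEFCDAB marker, leftover ".wctc" files from the early variant, and read_me.txt notes that mention LOCK-ID. Reading the marker as the four raw bytes AB EF CD AB (the ASCII spelling is checked as well) is an assumption, and the function names are hypothetical.

```python
import os

# Assumption: the article's "ABEFCDAB" is the hex spelling of four raw trailer
# bytes; the ASCII spelling is also checked in case it is literal text.
MARKERS = (bytes.fromhex("ABEFCDAB"), b"ABEFCDAB")
NOTE_NAME = "read_me.txt"   # ransom note name given in the article
OLD_EXT = ".wctc"           # extension added by the early, non-encrypting variant

def has_marker(path):
    """True if the file ends with one of the candidate markers."""
    longest = max(len(m) for m in MARKERS)
    try:
        with open(path, "rb") as fh:
            fh.seek(0, os.SEEK_END)
            fh.seek(max(0, fh.tell() - longest))  # read only the tail
            tail = fh.read()
    except OSError:
        return False  # unreadable file: skip it rather than abort the scan
    return any(tail.endswith(m) for m in MARKERS)

def is_note(path):
    """True if a read_me.txt file mentions LOCK-ID."""
    try:
        with open(path, "r", errors="replace") as fh:
            return "LOCK-ID" in fh.read(65536)
    except OSError:
        return False

def scan(root):
    """Walk root and group findings by indicator type."""
    found = {"marker": [], "renamed": [], "note": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                if is_note(path):
                    found["note"].append(path)
            elif name.lower().endswith(OLD_EXT):
                found["renamed"].append(path)
            elif has_marker(path):
                found["marker"].append(path)
    return found

if __name__ == "__main__":
    import json, sys
    print(json.dumps(scan(sys.argv[1] if len(sys.argv) > 1 else "."), indent=2))
```

A four-byte trailer can occur by chance in unrelated files, so a marker hit carries more weight when a LOCK-ID note sits in the same folder.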
