This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
Complete Story
11/29/2019
DeathRansom Ransomware Fixes Issues, Now Encrypting Victims’ Data
The State of Security
After its developers fixed several issues, DeathRansom ransomware is now actively infecting users and encrypting victims’ data.
DeathRansom wasn’t actually crypto-ransomware when attackers first began distributing it. At that time, the threat pretended to encrypt users’ information and appended the .wctc extension onto victims’ files.
Researchers found that they could recover victims’ affected data simply by removing the extension added by this initial variant.
But things changed around November 20, 2019.
According to Bleeping Computer, DeathRansom began encrypting users’ files in earnest. It also stopped appending an extension onto victims’ files at around that time. This means that victims of its newest variants must look for “ABEFCDAB” file marker to determine which files are affected.
The number of victims has slowed since these changes took effect. But a steady stream of new victims suggests that an active distribution campaign is underway.
Alerts
The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.
more information
Resources
Your electronic library to help in fighting financial fraud for all of our partners.
more information