New day, new ransomware. The latest virus in town, named DeathRansom, is circulating, encrypting user files and leaving a ransom note with contact details. An infection can be recognised by files being encrypted and given the additional extension “.wctc”.
DeathRansom was previously known for merely changing file extensions to .wctc. Back then, no one seemed to think it could be harmful. But now it has learned to encrypt files and asks victims for a ransom (in Bitcoin) in exchange for the private key. The private key is the only way to decrypt the files and is obtainable from the hacker.
Experts assume it is distributed by the usual means of spam emails and attachments. According to victims, the attacker gives [email protected]@firemail.cc as the email address to contact to obtain the private key for unlocking.
@GrujaRS shared the ransom note on Twitter:
NEW #DeathRansom #Ransomware extension .wctc!
email contact [email protected]@firemail.cc
Sample VT https://t.co/lcnXh6xzkY @BleepinCompute @LawrenceAbrams @demonslay335 pic.twitter.com/SL60iYRUiM
— Cyber Security (@GrujaRS) November 19, 2019
The Ransom Note
Maybe the maker of this virus wants to set a variable price for each victim. He names no exact amount for unlocking but leaves an email address for contacting him.
The note reads, “You are not able to decrypt it by yourself. The only method of recovering the files is to purchase a unique private key. Only we can give you this and only we can recover your files. To be sure we have the decryptor and it works. You can send an email ([email protected]) and decrypt one file for free. But this file should be of not valuable.”
The note is followed by a lock ID (the ID of the user's encrypted files) and the process for obtaining Bitcoin to pay. He even warns victims not to delete files or try to decrypt them; doing so, he says, may leave the whole system corrupted.
The bad news is that the cryptographic mechanism used by DeathRansom is not yet understood. Some victims who tried to analyse it concluded that the algorithms are AES and RSA, but there is no official confirmation from anybody. So far, the virus is said to be as harmful as others and is expected to gradually affect more users.
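Because earlier DeathRansom samples only appended .wctc without encrypting, affected files can be sorted into "renamed only" and "likely encrypted" before any recovery decision is made. The Python triage below is an added example, not part of the original article or of any vendor tool; the file-signature table, the 7.5 bits-per-byte entropy threshold and the function names are assumptions.

```python
import math
import os
import tempfile
from pathlib import Path

EXT = ".wctc"  # extension named in the article
# Assumption: a small table of well-known file signatures, keyed by original suffix.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def classify(path: Path, sample: int = 65536, threshold: float = 7.5) -> str:
    """Label one *.wctc file by inspecting its first `sample` bytes."""
    original_suffix = Path(path.stem).suffix.lower()  # report.pdf.wctc -> .pdf
    with path.open("rb") as fh:
        head = fh.read(sample)
    magic = MAGIC.get(original_suffix)
    if magic and head.startswith(magic):
        return "renamed-only"       # expected header intact at start of file
    if entropy(head) >= threshold:
        return "likely-encrypted"   # near-random bytes, no known header
    return "inconclusive"           # e.g. plain text, which has no signature

def triage(root) -> dict:
    """Map each *.wctc file under root (relative path) to its label."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): classify(p)
            for p in sorted(root.rglob("*" + EXT)) if p.is_file()}

if __name__ == "__main__":
    # Constructed sample files, built in a temporary directory.
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "report.pdf.wctc").write_bytes(b"%PDF-1.4\n" + b"text " * 200)
        Path(tmp, "photo.png.wctc").write_bytes(os.urandom(4096))
        Path(tmp, "notes.txt.wctc").write_bytes(b"meeting at ten\n" * 50)
        for name, label in triage(tmp).items():
            print(f"{label:17} {name}")
```

A "renamed-only" label only says the start of the file still carries its expected signature, so confirm on a copy before renaming anything back.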