
DeathNote Hackers Ransomware

Posted: April 19, 2017

The 'DeathNote Hackers' Ransomware is a member of the DNRansomware family of Trojans, which use AES encryption for locking your files and issue ransom demands through pop-up windows. Although victims should be able to use a built-in code to unlock their PCs, a complete recovery from file-encoding attacks may require having an earlier backup. Anti-malware products that block similar threats can also be relied upon for deleting the 'DeathNote Hackers' Ransomware before it scans for media to lock.

Trojans Taking Asian Product Marketing to the Wrong Places

Since the surge in Trojans that make file-ransoming attacks the core of their payloads, threat actors have been incorporating popular media brands into the messages they send to their victims. In the past, references have included Western influences like the Saw movies and the Breaking Bad television series, but Eastern media also affects the threat industry. The latest evidence of this lies with the 'DeathNote Hackers' Ransomware campaign.

Malware analysts estimate that this campaign is an offshoot or a replacement of older attacks using threats including the DNRansomware, the Rijndael Ransomware and the EnkripsiPC Ransomware. As is the case with previous Trojans, the 'DeathNote Hackers' Ransomware uses the Rijndael algorithm (the cipher standardized as AES) to lock your files by encrypting their contents. It also shares the commonly reused function of appending the '.fucked' extension after any already-existing one in the filenames.
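The appended extension described above gives responders a simple way to inventory affected files and work out which names to look for in a backup. The following is an added example, not code from this page or from any analysed sample; the function names and the sample tree are constructed, and it matches only names where the marker follows an earlier extension.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".fucked"  # extension the page says is appended after the existing one


def original_name(name, marker=MARKER):
    """Pre-infection filename, or None when the name lacks the appended marker."""
    if not name.lower().endswith(marker):
        return None
    stem = name[: -len(marker)]
    # An earlier extension must remain: a dot that is neither first nor last.
    dot = stem.rfind(".")
    if dot <= 0 or dot == len(stem) - 1:
        return None
    return stem


def triage(root):
    """Map each renamed file under root to the path to look for in a backup."""
    hits, by_type = {}, Counter()
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            orig = original_name(fname)
            if orig is not None:
                hits[Path(dirpath) / fname] = Path(dirpath) / orig
                by_type[Path(orig).suffix.lower()] += 1
    return hits, by_type


def demo():
    """Run triage over a constructed sample tree (not real infection data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        for rel in ("docs/report.docx.fucked", "docs/clean.docx",
                    "photo.JPG.fucked", "notes.fucked", ".profile.fucked"):
            (root / rel).write_bytes(b"constructed sample")
        hits, by_type = triage(root)
        return sorted(p.name for p in hits.values()), dict(by_type)


if __name__ == "__main__":
    print(demo())
```

The per-type counts show which kinds of content were hit, and the mapped paths are the names to restore from a backup taken before the infection.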

The 'DeathNote Hackers' Ransomware features a significantly revamped ransom message but still uses an advanced HTML or HTA format to display it with interactive features, including a field for inputting the unlocking code. The new message themes its background after the Japanese 'Death Note' media franchise, which consists of comics, live-action cinema, and an animated series. However, the ransom messages use English text, and malware analysts see no other indicators of the 'DeathNote Hackers' Ransomware's attacks targeting Eastern regions of the world.

Dealing Death out to the Software that Deserves It

The 'DeathNote Hackers' Ransomware issues a standard 0.5 Bitcoin ransom demand for the code to unlock your computer and restore your files, with the use of cryptocurrency protecting the con artist from any refunds without his consent. Old variants of the 'DeathNote Hackers' Ransomware use the hard-coded unlocking code of '83KYG9NW-3K39V-2T3HJ-93F3Q-GT', which may also be compatible with this Trojan. However, if the Trojan receives additional updates, victims may need to recover their encrypted files from backups.

Pop-ups, filename changes, and similar symptoms are most apparent only after the 'DeathNote Hackers' Ransomware has successfully locked your media, which includes widely used content like documents or pictures. To prevent such damage, malware analysts recommend paying extra attention to the infection vectors that threat actors are using in the present day. These include e-mail spam attachments and compromised websites hosting exploits, often with the unintentional assistance of document macros, JavaScript and Flash.

As the last line of defense, PC users can also protect their files with any anti-malware product already proven against the rest of this Trojan's family. However, removing the 'DeathNote Hackers' Ransomware after it finishes attacking your media could be a tragedy without a happy ending for any lost files.
