Deathransom
Description
DeathRansom is a ransomware family first seen in the wild in late 2019, initially appearing as a bluff—dropping ransom notes without actually encrypting files. By early 2020, the malware evolved into a functional encryptor, using a hybrid scheme of AES for file encryption and RSA to secure AES keys. Infected systems have files appended with extensions such as .wctc or .zzz depending on the campaign variant. Distribution methods include phishing emails with malicious attachments, cracked software downloads, and malicious spam campaigns. Over time, some DeathRansom operations were linked to STOP/Djvu infrastructure and later incorporated into affiliate-based criminal ecosystems.
| External Analysis |
| https://www.trendmicro.com/en_us/research/20/a/deathransom-now-fully-operational-with-file-encryption-capabilities.html |
| https://www.bleepingcomputer.com/news/security/deathransom-ransomware-now-encrypting-victims-data/ |
| https://www.pcrisk.com/removal-guides/16697-deathransom-ransomware |