Deadnet Ransomware is a MedusaLocker Variant

Deadnet falls under the category of malicious software known as ransomware. Our research team came across this threat while examining new samples of malicious files. Deadnet is a member of the MedusaLocker ransomware group.

The primary purpose of Deadnet is to encrypt data and then demand payment for the decryption of the compromised files. During our testing, this ransomware encrypted files and appended a ".deadnet26" extension to their original filenames. For instance, a file named "1.jpg" would be transformed into "1.jpg.deadnet26," and "2.png" would become "2.png.deadnet26."

Once the encryption process is finalized, Deadnet ransomware deposits a ransom note named "HOW_TO_BACK_FILES.html." The contents of this note indicate that Deadnet is targeting businesses rather than individual users. The ransom note asserts that the victim company's network has been infiltrated, that crucial files have been encrypted using the RSA and AES cryptographic algorithms, and that sensitive or personal data has been extracted.

The ransom note advises against altering the filenames of the encrypted files or using third-party recovery tools, as such actions might corrupt the data and render it unrecoverable. To regain access to the encrypted files, the victim is instructed to make a ransom payment. However, before proceeding with payment, the victim can test the decryption process for up to three files without charge by providing these files to the attackers.

A 72-hour window is given to the victim to establish communication with the cybercriminals; failure to do so will result in an increase in the ransom amount. If the victim chooses not to pay, the stolen data will either be exposed or sold by the perpetrators.
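For incident scoping, the two file-system indicators described above (the ".deadnet26" extension and the "HOW_TO_BACK_FILES.html" note) can be swept for across a share or disk image. The following is an added example, not code from the original article; the function names and the sample directory tree are constructed for illustration, and the content marker is the headline of the ransom note quoted later in this article.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".deadnet26"          # extension reported in this article
NOTE_NAME = "HOW_TO_BACK_FILES.html"  # ransom note filename reported in this article
NOTE_MARKER = "YOUR COMPANY NETWORK HAS BEEN PENETRATED"  # headline of the note text

def scan_tree(root):
    """Walk root; return {dir: {"encrypted": [...], "note": bool, "note_confirmed": bool}}."""
    report = defaultdict(lambda: {"encrypted": [], "note": False, "note_confirmed": False})
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                # Record the pre-encryption name so restores can be matched to backups.
                report[dirpath]["encrypted"].append(name[: -len(ENCRYPTED_EXT)])
            elif lower == NOTE_NAME.lower():
                entry = report[dirpath]
                entry["note"] = True
                try:
                    with open(os.path.join(dirpath, name), "r", errors="replace") as fh:
                        entry["note_confirmed"] = NOTE_MARKER in fh.read(65536)
                except OSError:
                    pass  # unreadable note: keep the filename hit, content unconfirmed
    return dict(report)

def summarize(report):
    """Return (encrypted file count, directories holding a content-confirmed note)."""
    total = sum(len(e["encrypted"]) for e in report.values())
    confirmed = sorted(d for d, e in report.items() if e["note_confirmed"])
    return total, confirmed

def build_sample(root):
    """Constructed sample tree: zero-byte stand-ins, not real encrypted data."""
    share = os.path.join(root, "share")
    clean = os.path.join(root, "clean")
    os.makedirs(share)
    os.makedirs(clean)
    for n in ("1.jpg.deadnet26", "2.png.DEADNET26", "notes.txt"):
        open(os.path.join(share, n), "w").close()
    with open(os.path.join(share, NOTE_NAME), "w") as fh:
        fh.write("<html>" + NOTE_MARKER + "</html>")
    open(os.path.join(clean, NOTE_NAME), "w").close()  # same name, unrelated content
    return share, clean

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(summarize(scan_tree(tmp)))
```

The scan only reads directory listings and the note file, so it is suitable for a read-only mount of an affected volume; the recovered original names give a restore list to check against backups.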

Deadnet Ransom Note Increases Demands in 72 Hours

The full text of the Deadnet ransom note reads as follows:

YOUR PERSONAL ID:

YOUR COMPANY NETWORK HAS BEEN PENETRATED
All your important files have been encrypted!

Your files are safe! Only modified. (RSA+AES)

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.

No software available on internet can help you. We are the only ones able to
solve your problem.

We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..

We only seek money and our goal is not to damage your reputation or prevent
your business from running.

You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.

Contact us for price and get decryption software.

qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion

  • Note that this server is available via Tor browser only

Follow the instructions to open the link:

  1. Type the addres "hxxps://www.torproject.org" in your Internet browser. It opens the Tor site.
  2. Press "Download Tor", then press "Download Tor Browser Bundle", install and run it.
  3. Now you have Tor browser. In the Tor Browser open qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion
  4. Start a chat and follow the further instructions.

If you can not use the above link, use the email:
ithelp02@securitymy.name
ithelp02@yousheltered.com

  • To contact us, create a new free email account on the site: protonmail.com
    IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.

How Can You Protect Valuable Data from Ransomware Attacks?

Protecting valuable data from ransomware attacks requires a combination of proactive measures and best practices. Here's a comprehensive approach to safeguarding your data:

Regular Data Backup: Regularly back up your important data to an offline or remote location. This ensures that even if your primary system is compromised, you can restore your data from a secure backup.

Use Reliable Security Software: Install and maintain reputable security software that can detect and block ransomware threats.

Keep Software Updated: Regularly update your operating system and software applications to patch vulnerabilities that ransomware might exploit.


Phishing Education: Train employees to recognize phishing emails and suspicious attachments or links that could lead to ransomware infections.

Use Strong Passwords: Encourage the use of strong, unique passwords for all accounts, and implement multi-factor authentication (MFA) wherever possible.

August 31, 2023