DeathRansom Ransomware Asks for Weird Ransom


During a routine check of new submissions to online threat databases, our team of researchers came across the DeathRansom ransomware, which belongs to the Chaos family of ransomware programs.

Upon running a test sample of the DeathRansom ransomware on our test computer, we observed that the program encrypted files and added a four-character extension to their filenames. For instance, a file named "1.jpg" was changed to "1.jpg.888e" while "2.png" became "2.png.tv52" and so on.

In addition to the file encryption, the program created a ransom note named "read_it.txt" and changed the desktop wallpaper. The ransom note informed the victim that their files had been encrypted and provided a set of instructions on how to decrypt the data.

The note demanded that the victim email the attackers and send them a gift code for Roblox, a popular online game platform. The attackers promised to send the decryption tool once they received the gift code. The wallpaper displayed by the DeathRansom ransomware further revealed that the ransom demanded was a gift card worth $25, equivalent to 2,200 Robux - the in-game currency used on the Roblox platform.
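The renaming pattern and the "read_it.txt" note described above can be turned into a simple triage check over a file listing. The following is an added example, not code from the original article or from any vendor tool; the function name, thresholds and sample paths are assumptions, and the lowercase-alphanumeric suffix alphabet is inferred only from the two filenames quoted above.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

NOTE_NAME = "read_it.txt"  # ransom note name reported in the article
# "<name>.<original ext>.<4 chars>", e.g. 1.jpg.888e or 2.png.tv52.
# Lowercase letters and digits is an assumption drawn from those two samples.
RENAMED = re.compile(r"^.+\.[A-Za-z0-9]{1,5}\.([a-z0-9]{4})$")

def find_suspect_dirs(paths, min_files=3, min_distinct=0.8):
    """Return {directory: [renamed files]} for directories that hold the note
    and several files whose appended 4-char extensions mostly differ."""
    renamed = defaultdict(list)
    suffixes = defaultdict(list)
    has_note = set()
    for raw in paths:
        p = PureWindowsPath(raw)
        folder = str(p.parent).lower()
        if p.name.lower() == NOTE_NAME:
            has_note.add(folder)
            continue
        m = RENAMED.match(p.name)
        if m:
            renamed[folder].append(p.name)
            suffixes[folder].append(m.group(1))
    findings = {}
    for folder, names in renamed.items():
        if folder not in has_note or len(names) < min_files:
            continue
        # A suffix that differs per file yields mostly unique values; a uniform
        # suffix such as ".orig" on every file is more likely benign tooling.
        if len(set(suffixes[folder])) / len(names) >= min_distinct:
            findings[folder] = sorted(names)
    return findings

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Pictures\1.jpg.888e",
    r"C:\Users\alice\Pictures\2.png.tv52",
    r"C:\Users\alice\Pictures\notes.docx.k3q9",
    r"C:\Users\alice\Pictures\read_it.txt",
    r"C:\Projects\site\index.html.orig",
    r"C:\Projects\site\style.css.orig",
    r"C:\Projects\site\app.js.orig",
    r"C:\Projects\site\read_it.txt",
    r"C:\Temp\a.txt.x1y2",
]

if __name__ == "__main__":
    for folder, names in find_suspect_dirs(SAMPLE).items():
        print(folder, names)
```

On the constructed listing only the Pictures folder is reported: the Projects folder has the note name but a uniform ".orig" suffix, and the Temp folder has a single renamed file and no note.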

DeathRansom's Note Asks for Robux

The complete ransom note produced by DeathRansom reads as follows:

Whoops, DeathRansom locked your files!
You can unlock your files by:

  1. Email
  2. Sending a roblox gift code to the email.
  3. We will send you the decryptor.
    if not paid i will reset this pc
    For now, your files are with ME!
    2345567788888 isnt e code dont try it

How is Ransomware Like DeathRansom Usually Spread Online?

Ransomware, including DeathRansom, can be spread online using a variety of methods. One of the most common ways is through phishing emails or malicious links that trick users into downloading and executing the malware on their computer systems. Attackers may also use exploit kits or software vulnerabilities to infect machines without any user interaction. In addition, ransomware can be delivered through malvertising, where malicious ads are placed on legitimate websites, or through infected software installers or updates.

Once the malware is executed on a system, it can quickly spread to other devices on the network or to connected storage devices. Therefore, it is crucial to maintain strong security measures, such as keeping software up-to-date, avoiding suspicious links or emails, and regularly backing up important files to protect against the threat of ransomware attacks.

March 21, 2023
