DeathRansom Ransomware Asks for Weird Ransom

During a routine check of new submissions to online threat databases, our team of researchers came across the DeathRansom ransomware, which belongs to the Chaos family of ransomware programs.

Upon running a test sample of the DeathRansom ransomware on our test computer, we observed that the program encrypted files and added a four-character extension to their filenames. For instance, a file named "1.jpg" was changed to "1.jpg.888e" while "2.png" became "2.png.tv52" and so on.

In addition to the file encryption, the program created a ransom note named "read_it.txt" and changed the desktop wallpaper. The ransom note informed the victim that their files had been encrypted and provided a set of instructions on how to decrypt the data.

The note demanded that the victim email the attackers and send them a gift code for Roblox, a popular online game platform. The attackers promised to send the decryption tool once they received the gift code. The wallpaper displayed by the DeathRansom ransomware further revealed that the ransom demanded was a gift card worth $25, equivalent to 2,200 Robux - the in-game currency used on the Roblox platform.

DeathRansom's Note Asks for Robux

The complete ransom note produced by DeathRansom reads as follows:

Whoops, DeathRansom locked your files!
Yi=
You can unlock your files by:

1. Email deathpoppyclient@gmail.com.
2. Sending a roblox gift code to the email.
3. We will send you the decryptor.
   IF NO REPLY CHECK YOUR SPAM OR JUNK FOLDER!
   if not paid i will reset this pc
   For now, your files are with ME!
   MALWARE BY DEATHPOPPY
   2345567788888 isnt e code dont try it

How is Ransomware Like DeathRansom Usually Spread Online?

Ransomware, including DeathRansom, can be spread online using a variety of methods. One of the most common ways is through phishing emails or malicious links that trick users into downloading and executing the malware on their computer systems. Attackers may also use exploit kits or software vulnerabilities to infect machines without any user interaction. In addition, ransomware can be delivered through malvertising, where malicious ads are placed on legitimate websites, or through infected software installers or updates.

Once the malware is executed on a system, it can quickly spread to other devices on the network or to connected storage devices. Therefore, it is crucial to maintain strong security measures, such as keeping software up-to-date, avoiding suspicious links or emails, and regularly backing up important files to protect against the threat of ransomware attacks.