Deno Ransomware
A new ransomware variant that belongs to the Conti family was spotted in the wild in late July 2022. The new strain is called Deno ransomware.
There is little that the ransomware does to set itself apart from other Conti clones. Deno will encrypt the majority of the files found on the victim system. The encrypted files cannot be opened and read, making them unusable.
Any file encrypted by the Deno ransomware received the ".DENO" extension after its original one. In this way, a file encrypted by Deno that was previously called "waterfall.jpg" will transform into "waterfall.jpg.DENO". The ransomware encrypts all major media, document and archive file extensions, as well as database files. Only files essential to the operation of Windows are left intact.
The ransomware places its ransom note inside a plain text file named "readme.txt" which is dropped on the desktop. There is no mention of specific demands and the criminals operating the Deno ransomware expect victims to contact them and negotiate the terms. Of course, dealing with criminals is never advisable, and there is no guarantee that you will ever get a working decryption tool even if you do what they want.
The full text of the ransom note is as follows:
Your network is LOCKED. Do not try to use other software. For decryption KEY write HERE:
flapalinta1950 at protonmail dot com
xersami at protonmail dot com
There is no known freely available decryption tool for the Deno ransomware and the best way to restore encrypted files remains to resort to offline backups.