Desu Ransomware

August 1, 2018, by Simeon Georgiev

Ransomware removal experts have identified another threat classified as ransomware. Known as Desu Ransomware, it has been observed modifying the contents of registry entries on systems that run Windows.

After stealthily entering a computer system, the ransomware encrypts the data saved on the storage devices of the victim’s PC. A ‘.desu’ extension is appended to the encrypted files, which users can then no longer access, open or modify. Ransomware removal experts found the algorithm used for encryption to be RSA.

Ransomware removal experts have also noticed that the campaign applies different strategies with each attack, so that each one is distinct. This means that even the encryption algorithms vary from victim to victim. The decryption software that can reverse this encryption is located on a remote server controlled by the cybercriminals. Thus, if authorities are able to find their physical hideouts, victims’ files can be decrypted easily.

The Ransom Note

The cybercriminals leave a ransom note after the encryption process. The message starts with the title ‘Desu Ransomware’ and acknowledges that the victim’s files have been encrypted. It also states that the files can only be unlocked with a decryption key.

The cybercriminals then dissuade users from using any anti-ransomware or recovery tools, warning that doing so will result in data loss. Communication with security companies is also discouraged; the hackers state that such companies cannot do anything for ransomware removal. The email address j0ra@protonmail[.]com is provided for future communication.

Lastly, the note demands a ransom of 200 dollars in Bitcoin and gives a cryptocurrency wallet address for the transfer of funds.

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware and ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: [email protected]