Ransomware removal experts found yet another cyber risk in the security circle that is classified as a ransomware. The ransomware known as Desu Ransomware has been noted for modifications in the contents of registry entries in systems that run on Windows.
After entering into a computer system stealthily, the ransomware proceeds to apply encryption on the data that is saved on the storage devices of victims’ PCs. An extension of ‘.desu’ is added to the files that are encrypted. Subsequently, the affected files with this extension are unable to be accessed, opened or modified by the users. Ransomware removal experts found the algorithm used for encryption to be RSA.
Ransomware removal experts have also noticed that with each attack, the ransomware campaign applies different strategies and is smart enough to be distinct. This means that even the encryption algorithms vary depending upon a victim. The decryption software that can decrypt these encryption algorithms is located in a remote server of the cybercriminals. Thus, if authorities are able to find their physical hideouts, victims’ files can be decrypted easily.
The Ransom Note
A ransom note is provided by the cybercriminals after the encryption process. The message starts with the title ‘Desu Ransomware’ and proceeds to acknowledge the encryption of victim’s files. Moreover, it is stated that the files can only be unlocked through the use of a decryption key.
Cybercriminals then dissuade users from using any anti-ransomware or recovery tools and warn the loss of data as a consequence. Additionally, communication with a security company is discouraged as hackers state that such companies cannot do anything for ransomware removal. An email address of j0ra@protonmail[.]com is provided for future communication.
Lastly, Ransom demand is asked in the form of Bitcoin equaling 200 dollars with a cryptocurrency wallet address for transfer of funds.