Ded Cryptor targets both English-speaking and Russian-speaking Windows users; its method of distribution is currently unknown. Ded Cryptor is an EDA2-based ransomware variant and, although EDA2 ransomware could be decrypted for free in the past, the author of this malware has instituted a change that renders current free decryption tools ineffective. Once installed, this variant creates an AES key and encrypts the infected system’s User Profile folder and the files contained within it. When that process is complete, it encrypts the AES key and sends it to its C2 server. This variant does not create a ransom note text file; instead, the ransom instructions are displayed on the desktop background image. Ded Cryptor appends the extension .ded to all encrypted files and demands a ransom payment of 2 Bitcoin.
- Bleeping Computer provides more information about Ded Cryptor here.
- The NJCCIC is not aware of any decryption tools available for Ded Cryptor.
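
An added example, not from the NJCCIC profile or Bleeping Computer: a Python check that sweeps file-rename events for the behaviour described above, where files under a Windows user profile gain an appended .ded extension. The pipe-delimited event format, the sample records and the threshold of 3 are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample rename events, NOT real telemetry.
# Assumed format: timestamp|host|old_path|new_path
SAMPLE_EVENTS = r"""
2016-07-01T10:00:01|WS01|C:\Users\alice\Documents\budget.xlsx|C:\Users\alice\Documents\budget.xlsx.ded
2016-07-01T10:00:01|WS01|C:\Users\alice\Pictures\cat.jpg|C:\Users\alice\Pictures\cat.jpg.ded
2016-07-01T10:00:02|WS01|C:\Users\Alice\Desktop\todo.txt|C:\Users\Alice\Desktop\todo.txt.DED
2016-07-01T10:05:00|WS02|C:\Users\bob\notes.txt|C:\Users\bob\notes.ded
2016-07-01T10:06:00|WS02|C:\Temp\x.log|C:\Temp\x.log.ded
2016-07-01T10:07:00|WS03|C:\Users\carol\a.doc|C:\Users\carol\a.doc.ded
malformed line without separators
""".strip().splitlines()

# Matches paths inside a per-user profile and captures the profile name.
PROFILE_RE = re.compile(r"^[a-z]:\\users\\([^\\]+)\\", re.IGNORECASE)


def is_ded_append(old_path, new_path):
    """True when the new name is the old name with '.ded' appended."""
    return new_path.lower() == old_path.lower() + ".ded"


def affected_profiles(lines, threshold=3):
    """Return {(host, user): count} for profiles with at least
    `threshold` (assumed value) appended-.ded renames."""
    counts = Counter()
    for line in lines:
        fields = line.strip().split("|")
        if len(fields) != 4:
            continue  # skip malformed records
        _ts, host, old_path, new_path = fields
        match = PROFILE_RE.match(old_path)
        # Count only renames inside a user profile that keep the
        # original name and add .ded, as the profile describes.
        if match and is_ded_append(old_path, new_path):
            counts[(host, match.group(1).lower())] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for (host, user), n in affected_profiles(SAMPLE_EVENTS).items():
        print(f"{host}: {n} files in profile '{user}' gained the .ded extension")
```

Requiring the original name to be preserved and the path to sit under a user profile keeps a single unrelated file that happens to end in .ded from raising an alert.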