Deadly ransomware - How to remove

Deadly ransomware proclaims to encrypt people’s files “for a good purpose”. We highly doubt that this is true as crooks will probably waste it on a celebration of their victory or sponsor another project of a ransomware. It is quite difficult nowadays to keep up with every new release of such virus as crooks are being surprisingly efficient with the generation of monsters. The deeper you go into the forest, the more trees you see: it is similar with the crypto-ransomware giants that seem to duplicate in no time at all. The name of the Deadly virus serves it right as it might be the cause of a permanent loss of your files. In other words, this infection might lead to a deadly outcome in which you will lose all of your documents, photos and other personal content. To quickly summarize this article, at first we will discuss the main features of Deadly virus. Secondly we will turn to the possible ways that his ransomware can invade your computer. Thirdly, we are going to inform you about methods to become immune to such viruses and the possibility of decryption without paying the demanded ransom.

About Deadly ransomware

Deadly virus takes advantage of the tactics that are already widely-utilized by crooks. The payload of every ransomware attempts to hide its identity and presence until the encryption is successfully concluded and it is time to start the game. A scary voice, saying “do you want to play a game?” perfectly fits in this situation as it won’t be a pleasant experience for a computer owner to be informed about the fact that his/hers device has been strongly influenced by a ransomware. Before this revelation, people might have no idea that their device has been infected. Yes, it might be that the payload will take up some of the CPU resources for the scanning and encrypting but it might not be as noticeable as it should be. The first mission for Deadly virus is to modify Windows Registry Keys. This is a small but significant alteration which will allow the payload to silently run after every time users reboot their devices.

If the Deadly virus remains undetected, it will have the luxury to start the encryption. We have reason to believe that this variant will target all sorts of files: none of your data is secure. After this process is done, crooks will leave behind a ransom note with the instructions for further actions. This piece of paper allows people to click on a shortcut, saying “View encrypted files” to see which files have become casualties of a virus. Another information includes the encryption algorithm, selected by the Deadly virus: AES-256. The fee for decryption is stated to be 500 US dollars. Of course, crooks won’t waste their time to meet up with their victims and get a briefcase full of cash. Nowadays, crooks ask for the payment to be sent in Bitcoins (0.7810 BTC) so they would be able to conceal their identity but still celebrate income. The letter from the creators of Deadly virus looks like this but you can also see it in the screenshot above:

“Your files have been safely encrypted on this PC: photos, videos, documents, etc. Click “Show encrypted files” Button to view a complete list of encrypted files, and you can personally verify this. Encryption was produced using a unique public key AES-256 generated for this computer. To decrypt files, you need to obtain the private key. The only copy of the private key, which will allow you to decrypt your files is located on a secret server on the Internet; the server will eliminate the key after a time period specified in this window. Once this has been done, nobody will ever be able to restore files…

To decrypt the file you will need to send $500 USD in the form of BTC to the following bitcoin address: [bitwallet] (How to buy bitcoins?)
After payment contact {e-mail} with your transaction details and “USER ID”. Once the payment is confirmed you will receive decryption key along with decryption software. Any attempt to remove or corrupt this software will result in immediate elimination of the private key by the server. Beware.”

How is Deadly Ransomware Distributed?

Ransomware has a tendency to spread via email accounts. Deadly virus can be exploiting the same possibilities for distribution. For example, if you receive an interesting letter in your inbox, resist the immediate temptation to open it. It might be that crooks have crafted that letter for the sake of infecting you with malware. If you have absolutely no intention of being jeopardized by a ransomware virus, then please clean your email accounts from spam regularly. If a bizarre letter catches your eye, please do not download attachments from it. On the other hand, infectious letters can contain external links. The destination might lead you to a payload of a ransomware.

How to Decrypt Files Encrypted by Deadly Ransomware?

Deadly virus, as you might guess from its name, is no joke. It will destroy all of your files as a consequence of you not paying its creators. However, we still do not recommend to do this. This is a waste of your resources as the crooks probably won’t provide you with a properly working decryption key and software. It is much more advisable to make copies of all encrypted files (in case Deadly ransomware really does delete them). For the future bear in mind that you can back-up your files in storages or keep them in USB flash drives. This almost effortless method will help you become invulnerable to ransomware. As for the elimination, you can run a full security scan and see if the payload is successfully detected. At the moment there are no decryption tools that we know about but we are sure that one will be invented soon. You can try Spyhunter or Malwarebytes for the automatic elimination of Deadly virus. Manual tips can be found below.

How to recover Deadly ransomware encrypted files and remove the virus

Step 1. Restore system into last known good state using system restore

1. Reboot your computer to Safe Mode with Command Prompt:

for Windows 7 / Vista/ XP

• Start → Shutdown → Restart → OK.
• Press F8 key repeatedly until Advanced Boot Options window appears.
• Choose Safe Mode with Command Prompt.

for Windows 8 / 10

• Press Power at Windows login screen. Then press and hold Shift key and click Restart.
• Choose Troubleshoot → Advanced Options → Startup Settings and click Restart.
• When it loads, select Enable Safe Mode with Command Prompt from the list of Startup Settings.

 

2.Restore System files and settings.

• When Command Prompt mode loads, enter cd restore and press Enter.
• Then enter rstrui.exe and press Enter again.
• Click “Next” in the windows that appeared.
• Select one of the Restore Points that are available before Deadly ransomware has infiltrated to your system and then click “Next”.
• To start System restore click “Yes”.

 

Step 2. Complete removal of Deadly ransomware

After restoring your system, it is recommended to scan your computer with an anti-malware program, like Spyhunter and remove all malicious files related to Deadly ransomware . You can check other tools here.  

Step 3. Restore Deadly ransomware affected files using Shadow Volume Copies

If you do not use System Restore option on your operating system, there is a chance to use shadow copy snapshots. They store copies of your files that point of time when the system restore snapshot was created. Usually Deadly ransomware tries to delete all possible Shadow Volume Copies, so this methods may not work on all computers. However, it may fail to do so. Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8. There are two ways to retrieve your files via Shadow Volume Copy. You can do it using native Windows Previous Versions or via Shadow Explorer. a) Native Windows Previous Versions Right-click on an encrypted file and select Properties → Previous versions tab. Now you will see all available copies of that particular file and the time when it was stored in a Shadow Volume Copy. Choose the version of the file you want to retrieve and click Copy if you want to save it to some directory of your own, or Restore if you want to replace existing, encrypted file. If you want to see the content of file first, just click Open.

b) Shadow Explorer It is a program that can be found online for free. You can download either a full or a portable version of Shadow Explorer. Open the program. On the left top corner select the drive where the file you are looking for is a stored. You will see all folders on that drive. To retrieve a whole folder, right-click on it and select “Export”. Then choose where you want it to be stored.

Step 4. Use Data Recovery programs to recover Deadly ransomware encrypted files

There are several data recovery programs that might recover encrypted files as well. This does not work in all cases but you can try this:

• We suggest using another PC and connect the infected hard drive as slave. It is still possible to do this on infected PC though.
• Download a data recovery program.
• Install and scan for recently deleted files.

Note: In many cases it is impossible to restore data files affected by modern ransomware. Thus I recommend using decent cloud backup software as precaution. We recommend checking out Carbonite, BackBlaze, CrashPlan or Mozy Home.