DeadSec-Crypto Ransomware Removal Guide

Do you know what DeadSec-Crypto Ransomware is?

If your PC is hit by DeadSec-Crypto Ransomware, you may be shocked as it locks your screen with its ransom note, but you need to know that this might just be your lucky day. This ransomware infection has been around for about a month now but it seems that it is not a finished version. One simple sign that makes us believe so is that it does not actually encrypt your important files as it claims in its note. This ransomware program mostly attacks computer users in Brazil and Portugal as we can conclude based on the language of the note. Although this threat may not encrypt your files, who knows what else it can do in the background without your knowledge. Thus, we highly recommend that you remove DeadSec-Crypto Ransomware right away. Before we reveal our method to eliminate this malicious program, please read our full report to learn more about this infection.

There are two main channels for this semi-functioning ransomware program to slither onto your system. First, it is possible that you receive a spam mail that has an attachment. This attached file may be called “WindowsApplication1.exe” but it can also be disguised as something else. For example, it may show up as a text document with a macro or as an image. The icon of this file can also reflect this fake file type to be even more misleading. But it is still a malicious .exe file that can initiate this attack if you happen to click to view it. This spam could be very convincing and seemingly important, too. This is achieved through authentic-looking sender names and e-mail addresses, which can appear to come from local authorities, banks, Internet providers, and other well-known companies and services. The subject of this mail can concern any urgent matter that would draw your attention to it with a feeling of “OMG.” Such matters can include unpaid speeding tickets, parking fines, issues with your credit card details in an online purchase, and the like. We would like to warn you that when it comes to ransomware programs, your only chance to avoid such a hit is prevention. Remember that if a finished version hits you, even if you delete DeadSec-Crypto Ransomware, you cannot save your files as they will all be encrypted.

Another possibility is that you click on the wrong third-party content. More precisely, you may click on a third-party pop-up that offers you a software update of some sort. Unfortunately, a lot of inexperienced computer users can fall for such a trap and become the next victim. This can happen when your system is infected with an adware program or when you land on a suspicious website promoting several third-party ads. In addition to staying away from such shady webpages and not clicking on random third-party ads, we also recommend that you keep your browsers and drivers always updated because you might also end up on a malicious page that is built on Exploit Kits. If your browsers or drivers are out of date, loading such a page in your browser could drop such an infection. No matter how you got infected, we advise you to remove DeadSec-Crypto Ransomware right now.

This ransomware infection pretends to encrypt your files, but the encryption does not function in this version; however, we cannot know how soon a next version that actually works properly will hit the web. Still, the ransom note window hits your screen and it appears that you cannot close it. This infection creates the feeling of a screen lock as its window covers the whole screen and there is no close button on it. If you are not an experienced user, you may really think that your files have been encrypted and the only way for you to recover them is to pay the demanded ransom fee. This infection even changes the names of the files it is supposed to encrypt by adding a “.locked” extension. However, if you check these files, you will realize that the content has not been altered or ciphered.
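The check described above can be scripted. The following PowerShell is an added example, not part of the original guide or any vendor tool: it reports whether each “.locked” file still starts with the header of its original type. The search root, the signature table and the function name Test-LockedFile are assumptions of this example, and it needs PowerShell 3.0 or later.

```powershell
# Added example: report whether *.locked files still begin with the header of
# their original type. Read-only; nothing is renamed or deleted.
$Root = $env:USERPROFILE                  # assumption: where to search

# Well-known leading bytes (hex) for common formats, keyed by original extension.
$Magic = @{
    '.pdf'  = '25504446'    # %PDF
    '.png'  = '89504E47'
    '.gif'  = '47494638'
    '.jpg'  = 'FFD8FF'
    '.jpeg' = 'FFD8FF'
    '.zip'  = '504B0304'
    '.docx' = '504B0304'    # Office Open XML files are ZIP containers
    '.xlsx' = '504B0304'
}

function Test-LockedFile {
    param([System.IO.FileInfo]$File)
    # "report.pdf.locked" -> "report.pdf" -> ".pdf"
    $origName = [System.IO.Path]::GetFileNameWithoutExtension($File.Name)
    $origExt  = [System.IO.Path]::GetExtension($origName).ToLowerInvariant()
    $status   = 'NoSignatureForType'      # e.g. .txt has no fixed header
    if ($Magic.ContainsKey($origExt)) {
        $buf = New-Object byte[] 4
        $fs  = [System.IO.File]::OpenRead($File.FullName)
        try     { $read = $fs.Read($buf, 0, $buf.Length) }
        finally { $fs.Dispose() }
        # Hex string of the bytes actually read (empty for a zero-length file).
        $hex = [System.BitConverter]::ToString($buf, 0, $read) -replace '-', ''
        $status = 'HeaderMismatch'
        if ($hex.StartsWith($Magic[$origExt])) { $status = 'HeaderIntact' }
    }
    [pscustomobject]@{ Path = $File.FullName; OriginalExt = $origExt; Status = $status }
}

Get-ChildItem -Path $Root -Recurse -File -Filter '*.locked' -ErrorAction SilentlyContinue |
    ForEach-Object { Test-LockedFile -File $_ } |
    Format-Table -AutoSize -Wrap
```

A matching header is a quick indicator only; to confirm that a file is byte-for-byte unchanged, compare its hash with a backup copy.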

The ransom note offers you the decryption key for 0.05 Bitcoins, which is about $110 at the current rate. You should know that it is never safe to contact or transfer money to cyber criminals, not to mention the fact that you would support cybercrime. But in this case you do not even need to worry for a moment because you can delete DeadSec-Crypto Ransomware from your system without risking the loss of your files. Such an attack should be a good lesson to understand the need for a backup copy of your most important files. You can make backups to a removable drive or to cloud storage.

We suggest that you close the ransom note window by tapping the Alt+F4 combination and then reboot your system in Safe Mode. After identifying and killing the malicious process, you can remove all related files and registry entries if you find any. Please use our instructions below as a reference if you plan to take matters into your own hands. As you can see, such a dangerous program can penetrate your system this easily if you are not cautious enough. On the other hand, your virtual experience should not turn into a nightmarish paranoia. This is why we suggest that you protect your PC with a powerful anti-malware program, such as SpyHunter.

How to reboot your PC in Safe Mode

Windows XP/Windows Vista/Windows 7

  1. Reboot your computer.
  2. Press the F8 key a few times to launch the Boot menu.
  3. Using your arrow keys, navigate to Safe Mode, and press the Enter key.

Windows 8/Windows 8.1

  1. On the Metro UI screen press the Power icon.
  2. Tap and hold the Shift key and click on Restart.
  3. Select Advanced options from the Troubleshooting menu.
  4. Navigate to Startup Settings and press Restart.
  5. Press the F4 key to reboot in Safe Mode.

How to remove DeadSec-Crypto Ransomware from Windows

  1. Open your Task Manager by tapping Ctrl+Shift+Esc simultaneously.
  2. Locate the malicious process in the list and click End task.
  3. Close the Task Manager.
  4. Press Win+R and type regedit. Click OK.
  5. Check if HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run registry key has a suspicious new entry and remove it.
  6. Close the editor.
  7. Open the File Explorer by tapping Win+E simultaneously.
  8. Delete the malicious file you saved and launched. If you do not recall the location, you can first check these default folders for any suspicious files: %TEMP%, %USERPROFILE%\Downloads, or %USERPROFILE%\Desktop
  9. Empty your Recycle Bin and reboot your PC in Normal Mode.
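
Steps 5 and 8 can be reviewed before anything is deleted. The following PowerShell is an added example, not part of the original guide: it lists the values under the Run key named in step 5 and the executables recently written to the default folders from step 8. The 30-day look-back window and the variable names are assumptions of this example, and it needs PowerShell 4.0 or later for Get-FileHash.

```powershell
# Added example: read-only triage for steps 5 and 8. Nothing is deleted.
$RunKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$Folders = @($env:TEMP, "$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop")
$Days    = 30                            # assumption: look-back window
$Lure    = 'WindowsApplication1.exe'     # attachment name given in this guide

# Step 5: list each autostart value and flag commands launched from one of
# the user-writable folders above.
$autoruns = @()
$key = Get-Item -Path $RunKey -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)
        $inUserDir = $false
        foreach ($dir in $Folders) {
            if ($cmd.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                $inUserDir = $true
            }
        }
        $autoruns += [pscustomobject]@{
            Name = $name; Command = $cmd; RunsFromUserFolder = $inUserDir
        }
    }
}

# Step 8: executables recently written to the default folders, with their
# Authenticode status and SHA-256 so they can be identified before deletion.
$cutoff = (Get-Date).AddDays(-$Days)
$files = foreach ($dir in $Folders) {
    Get-ChildItem -Path $dir -Filter '*.exe' -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $cutoff } |
        ForEach-Object {
            [pscustomobject]@{
                Path        = $_.FullName
                Modified    = $_.LastWriteTime
                MatchesLure = ($_.Name -eq $Lure)
                Signature   = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
                SHA256      = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
}

$autoruns | Format-Table -AutoSize -Wrap
$files    | Format-List
```

A Run entry flagged RunsFromUserFolder, or an unsigned recent executable, is a candidate for the manual removal steps above, not proof of infection; legitimate updaters also start from these folders.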

In non-techie terms:

DeadSec-Crypto Ransomware is definitely bad news if you find out that it has infiltrated and infected your system. However, our researchers say that this early version may not even encrypt your files and may only seem to lock your screen. This ransomware seems to attack mainly computer users in Brazil and Portugal as its ransom note suggests. We never advise anyone to pay criminals any money for the decryption key or tool, or in fact for any other reason. In this case that is even more true since all you need to do is remove DeadSec-Crypto Ransomware immediately from your system. If manual removal is out of the question for you, we recommend that you employ professional help in the form of an anti-malware program that you can trust and find reputable enough.