DeathRansom Ransomware Removal Guide

Do you know what DeathRansom Ransomware is?

DeathRansom Ransomware seems to be a newly created file-encrypting threat. So far, our computer security specialists have found two different versions of it. One of the variants does not encrypt files, while the other encrypts data but does not mark encrypted data with a specific extension as it was programmed to do. Thus, whether your files become unusable may depend on which version you receive. Further in our report, you can learn more about these two versions, for example, how they might be spread and what could happen if they enter your system. Also, at the end of this article, we provide a removal guide that shows how to delete DeathRansom Ransomware manually. If you think the process is too complicated, we advise eliminating the threat with a reputable antimalware tool of your choice.

DeathRansom Ransomware might be spread through unsecured RDP (Remote Desktop Protocol) connections, which is why our researchers recommend removing such vulnerabilities at once if you care about your computer’s safety. It is also advisable to take care of weaknesses like outdated software and weak passwords. There is also a possibility that the malware might be traveling with spam emails. To avoid receiving threats via email, you should never open files received from unknown senders or data that you did not expect to receive. The safest option is to stay away from such emails and the data they could be carrying. However, if you feel curious, we highly recommend scanning files received from questionable sources with a reliable antimalware tool, so you know whether they are malicious before launching them.

As we mentioned earlier, there are two versions of DeathRansom Ransomware. One of them does not encrypt files, but marks targeted data with the .wctc extension and shows a ransom note. The second variant encrypts files and displays a ransom note, but it does not append any second extension to its affected files. As a result, users who receive the first variant might think their data is locked if they do not try to remove the malware’s extension and open the file. As for those who encounter the second variant, they might not notice the malicious application’s presence as fast as the victims of the first version. The main thing that both of the DeathRansom Ransomware’s versions have in common is the creation of a ransom note that could be called read_me.txt. Both of them should explain that decrypting data is possible only with a unique decryption key.

Moreover, both of the ransom notes ought to explain how to contact the threat’s developers and that all victims can send a couple of files for free decryption. By promising to unlock some files free of charge, hackers want to convince their victims that they have the decryption keys they promise. However, we do not recommend putting up with any demands if your files were not encrypted as the malware’s note claims or if you do not want to risk being scammed.

For users who do not want to put up with any demands, we advise deleting DeathRansom Ransomware. If you think you can get rid of it manually, we can offer our removal guide available below this paragraph. The other way to delete DeathRansom Ransomware is to scan your system with a reputable antimalware tool and press its provided removal button.

Eliminate DeathRansom Ransomware

  1. Restart your computer in Safe Mode with Networking.
  2. Press Windows Key+E.
  3. Navigate to the suggested paths:
    %TEMP%
    %USERPROFILE%\Desktop
    %USERPROFILE%\Downloads
  4. Identify the malware’s launcher (could be any recently obtained file), right-click the malicious file, and select Delete.
  5. Find files titled read_me.txt, right-click them and choose Delete.
  6. Exit File Explorer.
  7. Press Windows Key+R, type Regedit, and select OK.
  8. Navigate to this path: HKCU\SOFTWARE
  9. Look for a key called Wacatac, right-click this key and press Delete.
  10. Close the Registry Editor.
  11. Empty the Recycle Bin.
  12. Restart the computer.
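
The checks in the steps above can be gathered into one read-only pass before anything is deleted. The PowerShell below is an added example, not part of the original guide: it lists read_me.txt notes, .wctc files and recently created script or executable files in the three folders, reports whether the Wacatac key exists, and, because one variant only renames files, compares each .wctc file's first bytes with the signature expected for its original type. Assumptions: the helper name Test-OriginalHeader, the signature table, the 7-day window, the launcher extension list, and that .wctc is appended after the original extension.

```powershell
# Read-only triage for the indicators this guide names; it deletes nothing.
$folders = $env:TEMP, "$env:USERPROFILE\Desktop", "$env:USERPROFILE\Downloads"

# Assumption: small table of well-known file signatures, keyed by the extension
# that precedes .wctc (e.g. report.pdf.wctc -> .pdf).
$magic = @{
    '.pdf'  = '25-50-44-46'
    '.png'  = '89-50-4E-47'
    '.jpg'  = 'FF-D8-FF'
    '.zip'  = '50-4B-03-04'
    '.docx' = '50-4B-03-04'
}

function Test-OriginalHeader {   # hypothetical helper name
    param([string]$Path)
    # Drop ".wctc", then take the extension that remains
    $inner = [IO.Path]::GetExtension([IO.Path]::GetFileNameWithoutExtension($Path)).ToLower()
    if (-not $magic.ContainsKey($inner)) { return 'type not in table' }
    $want = $magic[$inner]
    $len  = ($want -split '-').Count
    $buf  = New-Object byte[] $len
    $fs   = [IO.File]::OpenRead($Path)
    try { $read = $fs.Read($buf, 0, $len) } finally { $fs.Dispose() }
    if ($read -eq $len -and [BitConverter]::ToString($buf) -eq $want) {
        return 'original header intact (likely only renamed)'
    }
    return 'header does not match (content likely changed)'
}

$cutoff = (Get-Date).AddDays(-7)   # assumption: "recently obtained" = last 7 days
foreach ($dir in $folders) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    $files = Get-ChildItem -LiteralPath $dir -Recurse -File -Force -ErrorAction SilentlyContinue
    foreach ($f in $files) {
        if ($f.Name -eq 'read_me.txt') { "NOTE    $($f.FullName)" }
        elseif ($f.Extension -eq '.wctc') { "WCTC    $($f.FullName): $(Test-OriginalHeader $f.FullName)" }
        # Assumption: launcher candidates limited to common executable/script types
        elseif ($f.CreationTime -gt $cutoff -and $f.Extension -in '.exe','.scr','.js','.vbs','.bat') {
            "RECENT  $($f.FullName)  created $($f.CreationTime)"
        }
    }
}

# Step 9 of the guide: the Wacatac key under HKCU\SOFTWARE
if (Test-Path 'HKCU:\SOFTWARE\Wacatac') { 'REGKEY  HKCU:\SOFTWARE\Wacatac is present' }
else { 'REGKEY  HKCU:\SOFTWARE\Wacatac not found' }
```

Files encrypted by the variant that adds no extension produce no WCTC lines; for that variant the ransom note is the indicator this guide gives.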

In non-techie terms:

DeathRansom Ransomware leaves notes asking to contact the malware’s developers to learn how to pay ransom to get a unique decryption key that would allow decrypting the threat’s locked files. However, our computer security specialists say they have encountered a couple of its versions, and only one of them seems to be able to encrypt a user’s files. Therefore, if you see this malicious application’s ransom note on your computer, we advise checking if the malware encrypted your data or not. In either case, we do not recommend contacting cybercriminals if you do not want to risk losing your money in vain. There is a chance that they could scam you by not sending the promised decryption tools or starting to demand more money. If you decide you do not want to pay them, we advise deleting DeathRansom Ransomware with the removal guide available above or a reputable antimalware tool.