Ranstop thwarts Deadmin ransomware attack

Ransomware test subject – Deadmin

Part of sophisticated network attacks targeting mostly businesses, Deadmin is a new ransomware pushed by hackers and cybercriminals on poorly protected systems.

The malicious software bundle comes with a plethora of features, which certainly will cause panic among system administrators and users. It includes password collectors, remote login hacking tools, port scanners, remote execution tools, brute force tools, which all work together to damage as much of the network as possible. The penetration of the vulnerable systems continues with the ransomware attack itself. 

Deadmin ransomware – test findings

The ransomware itself is not that complex, as it behaves like any other ransomware. Still, the files attacked by Deadmin are impossible to decrypt for now. Deadmin will first scan the system for a list of processes and services to kill. By terminating most of them, it will ensure that most of the user’s files will get encrypted. The list is quite long, and it includes database tools, as well.

Encrypted files are renamed, the “[DeAdmin@cock.li].DEADMIN” suffix is appended to each of them. After the encryption process, it drops the ransom note on the desktop, which is a basic note with a few instructions on how to recover the files.

Deadmin is just one of a long list of ransomware which appeared in the past few weeks. Unfortunately, targeted attacks also grew, and the list also includes hospitals. A study (https://onlinelibrary.wiley.com/doi/full/10.1111/1475-6773.13203) shows that patients are affected by the ransomware attacks. Schools are not exempted, California School District being one of the recent victims. Quite a few government organizations were also hit by ransomware, among them Johnson City’s Municipal Computer Systems and the City of Johannesburg. 

The private sector is one of the most attacked. Canadian organizations, French TV channels (M6) and U.S. financial institutions were all severely affected by ransomware attacks in the last few weeks.

Deadmin ransomware vs Ranstop – test results

TEMASOFT Ranstop detects this version of Deadmin ransomware soon after it starts encrypting files. Upon detection, alerts are triggered, and the malware process is stopped and quarantined. The altered files are automatically recovered so that the user doesn’t lose any critical document.

Click here to watch TEMASOFT Ranstop blocking Deadmin ransomware (video)!

Learn how to protect against ransomware!

About TEMASOFT Ranstop

TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.

For more information, follow us on social media and subscribe to our newsletter.