Ransomware - DEDSEC

DEDSEC
Decryptor Available
No
Description

Twitter/X user @siri_urz first unveiled DEDSEC. However, it appears that this ransomware was created by GitHub user 0xbitx, who claims to reside in the Sichuan province of China, at least a month before its discovery. The version described here also appears to differ slightly from the version posted on the user's GitHub repository, but the only differences seem to be subtle changes in the ransom note and the operating system targeted: this one targets Windows, while the version posted on GitHub targets Linux. Nevertheless, this ransomware is considered crypto-ransomware and FOSS because it encrypts files and is readily available on GitHub, respectively.

The Windows version is written in Python and bundled with PyInstaller. We were able to partially reverse the sample and determine that it uses symmetric cryptography, believed to be AES. However, we couldn't determine the key size used by the algorithm.

Upon execution, the ransomware attempts to play a sound as it encrypts files and renames each one by appending a ".dedsec" extension to the existing file name. Furthermore, the ransom note is part of the executable; it doesn't "drop" a ransom note file. It simply displays the ransom note in an application window that has the same name as the executable. Fans of Scream and Ghostface will recognize the ASCII art within the ransom note. The ransom note is also mirrored as the desktop wallpaper, so it is hard to miss. The ransom note tells victims to contact the threat actor(s) via Telegram.

Ransomware Type
Crypto-Ransomware
FOSS
Country of Origin
China
First Seen
Last Seen
Threat Actors
Type
Individual
Actor
0xbitx
Extortion Types
Direct Extortion
Extortion Price Increases
Encryption
Type
Symmetric
Files
AES
Crypto Wallets
Blockchain Type
BTC
Crypto Wallet
36ALguYpTgFF3RztL4h2uFb3cRMzQALAcm
File Extension
<file name>.<file extension>.dedsec
Ransom Note Name
<same as executable name>
Samples (SHA-256)
a19656adec64b83834cb95a9007cf102bc7cce24d513e9d5b8b1ac4dd7aa926f