DeathHunters is a newly discovered ransomware strain based on the Chaos ransomware framework. First identified in file submissions on VirusTotal, this malware encrypts a victim’s files and demands a ransom of 1000 euros in Bitcoin for decryption. It appends a random four-character extension to encrypted files and leaves behind a ransom note titled “Read_it_or_Death.txt.”
This ransomware is particularly malicious and psychologically manipulative—its desktop wallpaper falsely accuses victims of engaging in illegal activities and references governmental agencies like the FBI. The ransom note continues this coercion by threatening to leak personal information online and report users to authorities unless payment is made.
DeathHunters Ransomware Overview
Threat Name | DeathHunters Ransomware |
---|---|
Threat Type | Ransomware, Crypto Virus, File Locker |
File Extension | Files are appended with a random four-character extension (e.g., .zypx) |
Ransom Note | Read_it_or_Death.txt |
Ransom Demand | 1000€ in Bitcoin |
Bitcoin Wallet | 17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV |
Free Decryptor Available? | No |
Detection Names | Avast: Win32:RansomX-gen, ESET-NOD32: MSIL/Filecoder.Chaos.A, Microsoft: Ransom:MSIL/FileCoder.AD!MTB, Kaspersky: HEUR:Trojan-Ransom.MSIL.Agent.gen |
Symptoms | Files cannot be opened; they have a different extension. A ransom note is displayed. Cybercriminals demand payment in Bitcoin. |
Distribution Methods | Malicious email attachments, torrent downloads, fake software updates, drive-by downloads, and Trojan infections |
Damage Caused | Encrypts all files, threatens to leak personal data, may install additional malware like spyware or keyloggers |
Ransom Note Text (Read_it_or_Death.txt)
Below is the exact text of the ransom note left by DeathHunters ransomware:
!!! ATTENTION !!!
YOUR SYSTEM IS COMPROMISED
READ WITH CAUTION!!!
HELLO YOU PEDO F**K.
Your System is now Hacked and under our Controll.
You have now 5 Hours to make a Payment of 1000 Euros in Bitcoin to our BTC Adress
and if the Payment is Confirmed by the Virus, it will Give you a Folder on your Desktop Called Viruskiller in which you can find the Programm to Remove the Decryption and Stop the Upload of your Files to our Servers. If Started the Decryption will be Gone and The Virus will be removed, this we Promise. We Dont Like Pedos but we accept your Privacy if you pay.
What will happen if i dont Pay ?
Well... After 5 Hours without Payment Your System will Start to Go Slow and Crazy.. The Virus will
Upload all your Files and Informations about you (Including Historys, Data, Credit, Everthing from You and your System) to our Servers. And we Will Send everthing to the Police and Release everything in the internet and Videos of you Watching Child P.....
OK OK I WILL PAY! What happens after Payment ?
Like we told you you get the Programm to stop and remove the virus.
we delete everthing of you this is Promised.
Where can i Buy Bitcoin ?
Well everywhere in the internet. Coinbase, Binance, Bitpanda etc.
Where to send the Payment of 1000 Euros in Bitcoin to ?
HERE: THIS IS OUR BITCOIN ADRESS:
17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV
The Payment can take some time to be Received but the Virus will do everething automatically, Dont worry. We Promise to be there for you.
Best Wishes and Good Luck from Team: DEATHHUNTERS
This note uses psychological pressure and false accusations to frighten victims into paying.
How Did DeathHunters Infect Your Computer?
Cybercriminals use multiple methods to spread ransomware, including:
- Phishing Emails & Malicious Attachments – Fake emails trick users into downloading ransomware-infected files.
- Torrent Sites & Pirated Software – Downloading cracked games or applications often leads to ransomware infections.
- Fake Updates & Software Installers – Fraudulent browser update pop-ups can install malware.
- Trojan Loaders & Exploit Kits – Some malware spreads automatically through system vulnerabilities.
- Compromised Websites & Drive-by Downloads – Visiting an infected website can trigger automatic malware downloads.
How to Remove DeathHunters Ransomware (Step-by-Step Guide)
Step 1: Disconnect from the Internet
- Unplug Ethernet cables and disable Wi-Fi to prevent further file encryption and data theft.
Step 2: Enter Safe Mode
- Restart your computer.
- Press F8 (or Shift + F8) before Windows boots.
- Select Safe Mode with Networking from the options.
Step 3: Use Task Manager to End Suspicious Processes
- Open Task Manager (Ctrl + Shift + Esc).
- Look for suspicious processes (e.g., unknown or randomly named executables).
- Right-click and End Task.
Step 4: Delete Malicious Files
- Open File Explorer and navigate to the following folders:
  - C:\Users\[Your Username]\AppData\Roaming
  - C:\Users\[Your Username]\AppData\Local
  - C:\ProgramData
- Look for unfamiliar folders or recently modified files. Delete them.
Step 5: Remove Registry Entries
- Press Win + R, type regedit, and hit Enter.
- Navigate to:
  - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Delete suspicious registry entries.
Step 6: Scan Your System with Anti-Malware Software
Use a reputable anti-malware program like SpyHunter to detect and remove ransomware remnants.
Step 7: Restore Files from Backup
- If you have external backups or cloud storage, restore your data after removing the ransomware.
- If no backup is available, use data recovery software like Recuva or EaseUS Data Recovery Wizard.
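Before restoring, it helps to know which folders were hit. The following Python script is an added triage example, not part of the original article or any vendor tool: it inventories a directory tree for the ransom note name given above and for files whose final extension looks like an appended four-character suffix. It assumes the suffix is alphanumeric and appended after the original extension; the function names and the allowlist are illustrative.

```python
import os
import re
import tempfile
from collections import Counter

NOTE_NAME = "Read_it_or_Death.txt"  # ransom note name given on this page
# Assumption: the four-character extension is appended after the original one
# (report.docx -> report.docx.zypx) and consists of ASCII letters or digits.
APPENDED = re.compile(r"^.+\.[A-Za-z0-9]{1,5}\.([A-Za-z0-9]{4})$")
# Legitimate four-character extensions that would otherwise be false positives.
KNOWN_4CHAR = {"json", "html", "docx", "xlsx", "pptx", "jpeg", "tiff", "yaml",
               "conf", "lock", "webp", "java"}

def classify(filename):
    """Return 'note', 'suspect' or None for a single file name."""
    if filename.lower() == NOTE_NAME.lower():
        return "note"
    m = APPENDED.match(filename)
    if m and m.group(1).lower() not in KNOWN_4CHAR:
        return "suspect"
    return None

def scan(root):
    """Walk root; return (note paths, suspect paths, suspects per directory)."""
    notes, suspects, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind = classify(name)
            full = os.path.join(dirpath, name)
            if kind == "note":
                notes.append(full)
            elif kind == "suspect":
                suspects.append(full)
                per_dir[dirpath] += 1
    return sorted(notes), sorted(suspects), per_dir

def demo():
    """Scan a constructed sample tree of empty files (not real samples)."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        for name in ("budget.xlsx.zypx", "photo.jpg.q7rt", "notes.txt",
                     "app.min.json", NOTE_NAME):
            open(os.path.join(docs, name), "w").close()
        notes, suspects, _ = scan(root)
        base = os.path.basename
        return [base(p) for p in notes], [base(p) for p in suspects]

if __name__ == "__main__":
    print(demo())
```

The extension match is a heuristic, so review the suspect list before deleting or overwriting anything; names such as versioned files ending in four digits will also match.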
How to Prevent Future Ransomware Attacks
Backup Your Data Regularly
- Keep multiple backups on external hard drives and cloud storage (Google Drive, OneDrive, Dropbox).
Use a Strong Antivirus and Firewall
- Keep real-time protection enabled to block malware.
Be Cautious with Emails and Links
- Never open suspicious email attachments or click on unknown links.
Keep Your System and Software Updated
- Enable automatic Windows updates and patch vulnerabilities in installed software.
Use a Secure Web Browser with Ad Blockers
- Install ad-blocking and anti-tracking extensions (uBlock Origin, NoScript).
Avoid Downloading Cracked Software
- Only download software from official and trusted sources.
Conclusion
DeathHunters ransomware is a dangerous file-encrypting malware that extorts victims using fear and psychological manipulation. Paying the ransom does not guarantee file recovery, so victims should focus on removing the ransomware and restoring files from secure backups. Implementing strong cybersecurity practices can prevent future infections and keep your data safe.