Ransomware Research
Deadly Ransomware
Deadly is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on October 1, 2016, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: Deadly for a Good Purpose.
Quick Facts
- Ransomware Family
- Deadly
- First Seen
- October 1, 2016
- Known Aliases
- Deadly for a Good Purpose
How Deadly Ransomware Works
Targeted Files
filesencrypted.html file on the Desktop
File Encryption Patterns
Deadly modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..a858
Ransom Note and Payment Demands
After encrypting files, Deadly displays ransom notes demanding payment for file recovery:
ransom.html
Note locations:
Desktop
ransome.html
Ransom message:
notes/ransome.html
Note locations:
Desktop
Technical Indicators
Associated Executable Files
The following executable files are associated with Deadly ransomware:
A858SEPJANBLEED.exe
ransomware
core32x86.exe
script_libraries_download.exe
Windows Host Application.exe
Elastio Can Help You
Don't let Deadly ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This Deadly ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Deadly.
Last updated: July 30, 2025