Dedcryptor Ransomware Removal Guide

Do you know what Dedcryptor Ransomware is?

According to our specialists, Dedcryptor Ransomware might be distributed via Spam email. It looks like users receive an executable file that might be mistaken with Kaspersky antivirus. Probably, users think that the file is not malicious and open it without taking any precautions. To their surprise, the malware encrypts their data in a matter of minutes and changes their desktop picture with a ransom note. If this happened to you as well, we advise you to delete the malware while using the removal guide below. There is a chance that cyber criminals who developed the ransomware will not give you the decryption key whether you pay the ransom or not. Given that the asked price is 2 Bitcoins, which is approximately 1,523 US dollars at the moment, you may not want to risk losing such a huge sum.

As we mentioned at the beginning, the malicious file might travel via Spam email. For instance, the attachment could be an executable file that seems to be related with Kaspersky antivirus. Unfortunately, the file itself is Dedcryptor Ransomware and once launched it begins to encrypt data on users PC. All files that you do not expect to receive or come from unknown sources should be checked with a legitimate antimalware software. Most of infections are spread via malicious email attachments, so we urge you to be more careful not without a reason. It is better to wonder what the attachment was for than open it and have your whole personal data locked by a malicious program.

Dedcryptor Ransomware does not copy any of its files on your computer. Instead, it works right from where you downloaded the malicious attachment and launched it. For example, if you save it on your desktop, you might see a file that has the Kaspersky antivirus title and imitates the original icon. Thus, when users launch this file they activate Dedcryptor Ransomware, which encrypts their personal data. Users should notice that their files now have another extension at the end, e.g. picture.jpg.ded, presentation.pptx.ded, and so on. Also, the malware might change user’s default desktop wallpaper with ded.png. This file should appear in the %USERPROFILE% directory. The picture has a text that is written both in English and Russian languages. Besides, it has a twisted portrait of Santa Claus that says “DED cryptor.”Dedcryptor Ransomware Removal GuideDedcryptor Ransomware screenshot
Scroll down for full removal instructions

The text on the desktop picture explains that your files were encrypted and to decrypt them you have to pay a ransom of 2 Bitcoins. The note does not say how to transfer the money, but it requires users to contact the cyber criminals via email ( To make matters worse you are given only 24 hours to make the payment, so there is not much time to think about it. On the other hand, even if you have data that is very precious to you, paying the ransom is not something we would recommend you to do. The cyber criminals say that you will get the decryption key, but in reality, there are no guarantees. Still it is your choice if you want to risk losing more than one thousand and five hundred dollars.

Those who want to get rid of the malware should check the removal guide below this text. Users will need to find and erase the malicious email attachment, so the instructions will give you a few ideas of where you might have downloaded this file. If you find this task too difficult for you to handle, there is another option. Users can download a trustworthy antimalware tool and let it deal with the malicious program. All you have to do is set the antimalware tool to scan your computer and wait till it finishes this task. Once, the results appear you can delete Dedcryptor Ransomware together with other possible detections..

Erase Dedcryptor Ransomware

  1. Press Windows Key+E.
  2. Look for the malicious file in the Desktop, Downloads, or Temporary Files directories (or any other location where you might have saved the email attachment).
  3. Right-click the infected file and select Delete.
  4. Delete ded.png file from the %USERPROFILE% directory.
  5. Close the Explorer and empty Recycle bin.

In non-techie terms:

Dedcryptor Ransomware is a malicious application that was most likely created by cyber criminals from Russia. However, since their demands are written not only in Russian but also in English; it could be that they target users from various countries. Since they ask to pay a huge sum of money, we do not advise you to risk your savings. However, even if your files will remain encrypted, you should still delete the malware from your system. For that users could either use the instructions above or download an antimalware tool.