A new variant of the EDA2 ransomware has been spotted, calling itself DEDCryptor.
Files are encrypted with AES-256 using a secure 32-character password unique for each victim, and have the extension ".ded" added.
The victim's background is set to the following image after encryption has finished. No ransom note is left behind.
The following extensions are targeted.
.txt, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .jpg, .png, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, .psd, .dll, .lnk, .pdf
Unfortunately, there is no way to decrypt victim's data at this time.