Types header





Encryption Type

AES-RSA to encrypt

Short Description

This ransomware targets both Russian and English Speaking Victims. Once this ransomware is installed the desktop of victim will be changed into an evil looking Santa who has good time, while it encrypts the victim’s file


The desktop of the victim will be changed as shown below.

Distribution Method



More Details

The ransomware mode of infiltration still remains unknown, but once it gets installed in the victim’s device it generates an AES password and then starts to encrypt the victim’s computer through scanning the device completely targeting some specific files. When it encrypts a file it adds up .ded extension to it. Some of the file types this ransomware targets are as given in the following.

For an example if there is a file named unknown.jpg it gets renamed into unknown.jpg.ded when encrypted.

Once these are done then it will encrypt the file with the key that are retrieved from the C&C server.

After the encryption process it replaces the desktop wallpaper of the victim by an image that contains the ransom amount and the further details of how to pay and the mail ID to which the ransom is to be paid.