Twitter/X user @siri_urz first unveiled DEDSEC. However, it appears that this ransomware was created by GitHub user 0xbitx, who claims to reside in the Sichuan province of China, at least a month before its discovery. The version examined here also appears to differ slightly from the version posted on the user's GitHub repository; the only differences seem to be minor changes to the ransom note and the operating system each targets. This one targets Windows, while the version posted on GitHub targets Linux. In either case, this ransomware is considered crypto-ransomware because it encrypts files, and FOSS because it is readily available on GitHub. The Windows version is written in Python and bundled with PyInstaller. We were able to partially reverse the sample and determine that it uses symmetric cryptography, believed to be AES. However, we couldn't determine the bit size of the algorithm.
Upon execution, the ransomware attempts to play a sound as it encrypts files and renames them by appending a ".dedsec" extension. The ransom note is part of the executable; the ransomware doesn't "drop" a separate note file. It simply displays the ransom note in the application window, which has the same name as the executable. Fans of Scream and Ghostface will recognize the ASCII art within the ransom note. The ransom note is also mirrored as the desktop wallpaper, so you can't miss it. It tells victims to contact the threat actor(s) via Telegram.
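
The renaming behaviour described above gives defenders a simple signal to hunt for. The following is an added example, not code from the original write-up or from the sample: it flags any process that appends ".dedsec" to several files within a short window. The event tuple layout, the threshold, the window and every path and timestamp are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

EXT = ".dedsec"  # extension the write-up says is appended to encrypted files

# Constructed sample events: (timestamp, process image, old path, new path).
SUSPECT = r"C:\Users\alice\Downloads\sample.exe"   # hypothetical path
EXPLORER = r"C:\Windows\explorer.exe"
D = "C:\\Users\\alice\\Documents\\"
EVENTS = [
    ("2024-01-01T10:00:00", SUSPECT, D + "a.docx", D + "a.docx.dedsec"),
    ("2024-01-01T10:00:01", SUSPECT, D + "b.xlsx", D + "b.xlsx.dedsec"),
    ("2024-01-01T10:00:02", SUSPECT, D + "c.pdf", D + "c.pdf.dedsec"),
    ("2024-01-01T10:00:03", SUSPECT, D + "d.jpg", D + "d.jpg.dedsec"),
    ("2024-01-01T10:30:00", SUSPECT, D + "e.txt", D + "e.txt.dedsec"),
    ("2024-01-01T10:00:05", EXPLORER, D + "notes.txt", D + "notes.dedsec"),
    ("2024-01-01T10:00:06", EXPLORER, D + "r.docx", D + "r_v2.docx"),
    ("2024-01-01T10:00:07", EXPLORER, D + "x.txt", D + "x.txt.dedsec"),
]

def is_appended_rename(old, new):
    """True only when the new name is the old name plus EXT (appended,
    not substituted). Windows paths compare case-insensitively."""
    return new.lower() == old.lower() + EXT

def detect(events, threshold=3, window=timedelta(seconds=10)):
    """Return {process image: largest number of appended-EXT renames seen
    inside any single window} for processes reaching the threshold."""
    per_proc = defaultdict(list)
    for ts, image, old, new in events:
        if is_appended_rename(old, new):
            per_proc[image].append(datetime.fromisoformat(ts))
    alerts = {}
    for image, times in per_proc.items():
        times.sort()
        start = best = 0
        for end in range(len(times)):
            # Shrink the window from the left until it spans <= `window`.
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[image] = best
    return alerts

if __name__ == "__main__":
    print(detect(EVENTS))
```

In practice the events would come from whatever file-rename telemetry the endpoint already collects, and the threshold should be tuned against normal activity on the host.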