Many people hold Christmas as an especially sacred holiday, when even hackers should forget their dirty goals and enjoy a glass of hot wine. Nevertheless, their activity does not cease even on an innocent holiday like Christmas evening. A security researcher discovered DeriaLock, a virus that is definitely not feeling the benevolent spirit of the holidays: it was caught red-handed on the most Christmassy day of the year. The fact that it entered the game at such an inconvenient time does not change the fact that this threat requires some attention from security analysts. The DeriaLock virus does not appear to encrypt its victims' files; it simply locks the computer. This means that infected devices won’t be able to execute tasks of any kind. All things considered, the DeriaLock virus is not too cruel: it only demands 30 US dollars. However, since your pockets might be empty from buying all the Christmas presents and delicious treats, even 30 dollars can be a pricey fee.
Course of Action of DeriaLock Ransomware
The DeriaLock virus, downloaded in the form of a seemingly harmless executable, is loaded automatically once it has successfully modified your Windows Registry keys. The entries it mostly targets are the ones responsible for launching applications after a device has been rebooted. After carrying out this objective, it moves on to other deeds. It attempts to query the victim's machine name identifier and crafts a 128-bit message digest. The hackers generate these hashes so that the virus won’t affect their own devices, only the ones that can potentially bring them revenue. Then, as many ransomware viruses do, DeriaLock ransomware contacts a command-and-control server. This is done to inform the authors of the DeriaLock virus about a new victim. The ransomware also checks whether it is up to date. If it is not, the latest sample of DeriaLock virus is going to be placed in one of the categories.
After that, the scenario is quite clear: the DeriaLock virus does not encrypt users' files, but uses the more convenient strategy of simply locking the infected system. Once the lock screen shows up, it won’t be easy to get rid of it. Presumably, the authors of the DeriaLock virus target not only English-speaking users, but cast their net into bigger waters. People from Germany and Spain are the potential audience for this ransomware. Since hackers are not known for their attention to detail, they seem to have forgotten to include a Spanish version of the ransom note. Even the German and English versions are far from professionally written.
Surprisingly, there seem to be two versions of the DeriaLock virus. The first is the one that we have already investigated. However, researchers noticed that there is a sample of this ransomware which will encrypt files. This means that access to your system won’t be blocked, but your files won’t open. It is most likely that the affected data is going to be appended with the .deria extension.
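The two observable traces described above (changed startup entries in the Registry, and files renamed with the .deria extension) can be reviewed with a short triage script. This is an added example, not code from the original article or from any DeriaLock analysis: the function names are hypothetical, the key list is the standard set of Windows autorun locations (the article does not name specific keys), and the checks are generic heuristics rather than DeriaLock signatures.

```powershell
# Standard per-machine and per-user autorun keys (assumed; not named in the article).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Folders a standard user can write to; autoruns stored here deserve a manual look.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC) | Where-Object { $_ }

function Get-AutorunEntry {   # hypothetical helper name
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            # Pull the executable out of the command line: quoted path first, else up to ".exe".
            $exe = if ($command -match '^\s*"([^"]+)"') { $Matches[1] }
                   elseif ($command -match '^\s*(.+?\.exe)\b') { $Matches[1] }
                   else { $command }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $sig = if (Test-Path -LiteralPath $exe -PathType Leaf) {
                       [string](Get-AuthenticodeSignature -LiteralPath $exe).Status
                   } else { 'FileMissing' }
            $writable = $userWritable | Where-Object {
                $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }
            [pscustomobject]@{ Key = $key; Name = $name; Command = $command
                               Signature = $sig; UserWritable = [bool]$writable }
        }
    }
}

function Get-DeriaFileSummary {   # hypothetical helper name
    param([string[]]$Root = @($env:USERPROFILE))
    # Count files carrying the .deria extension per folder, oldest write time first.
    Get-ChildItem -Path $Root -Recurse -File -Filter '*.deria' -ErrorAction SilentlyContinue |
        Group-Object DirectoryName |
        ForEach-Object {
            [pscustomobject]@{ Directory = $_.Name; Count = $_.Count
                FirstWritten = ($_.Group | Measure-Object LastWriteTime -Minimum).Minimum }
        } | Sort-Object FirstWritten
}

# Show only the autoruns that are unsigned, missing, or stored in a user-writable folder.
Get-AutorunEntry | Where-Object { $_.UserWritable -or $_.Signature -ne 'Valid' } | Format-List
Get-DeriaFileSummary | Format-Table -AutoSize
```

An entry flagged here is a prompt for manual review, not proof of infection, since legitimate software also starts from user-writable folders.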
Ready to escape this sample of ransomware? We have no doubt that you are. However, if people infected with the DeriaLock virus attempt to escape its dark screen by pressing the ALT and F4 keys together, they are going to be disappointed. The creators of the ransomware have foreseen this attempt and programmed their product to display the message “Nice try mate =) I think that is a bad decision”.
How to Decrypt Files Ruined by DeriaLock Ransomware?
A Christmas miracle: we can actually offer you a possibility of decrypting files with help from a professional. Michael Gillespie has confirmed that he has created a functional decryption tool. If you are infected with this variant, make sure to contact this security researcher. He will surely help you restore your files without demanding 30 US dollars. Furthermore, the way the hackers expect to receive the money is also a little tricky. As it turns out, the DeriaLock virus demands that victims contact them through Skype and then send them the fee. This is one of those moments when we question whether the hackers made the right choice, but that is not our concern. We are simply glad that victims can retrieve their files without being scammed by hackers.
Update: the decrypter is now available here: link. You can download it for free and decrypt your files.
The Distribution of DeriaLock virus: How did I end up with this ransomware?
There are a number of methods that can be exploited to spread the DeriaLock virus. It can be part of malicious spam campaigns that send infectious emails to random inboxes. If you happen to receive an email with a bizarre message and a questionable attachment, be extremely cautious. Never download applications or other files that appear in your inbox. There is also a possibility of getting infected with a ransomware virus via infectious links, advertisements or other online content.
If you are infected with the first version of the DeriaLock virus, you should reboot your device into Safe Mode and use a reputable tool to remove this threat from your device. Spyhunter or Malwarebytes won’t find it difficult to clean devices of malware: that is their mission.