- Can't be uninstalled via Control Panel
- Block exe files from running
- Connects to the internet without permission
If you are not careful opening email attachments, then your computer might become infected with DeriaLock Ransomware, a dangerous computer infection that was designed to encrypt most of the files on your PC and demand that you pay money for the decryption key. Also, it will prevent you from using your PC entirely as it locks the computer screen and blocks Task Manager from running to prevent you from terminating the process of this ransomware. Removing this program is highly recommended, but if you want to find out more, please read this whole article.
Our research has revealed that this particular application is distributed using malicious email attachments. The emails are known to be sent from a dedicated email server, and they masquerade as legitimate invoices, tax return forms, or some business correspondence of some nature. The text is not important because such emails usually do not contain much of it. However, the important thing here is the attached file that may look like a regular Word or PDF file, but secretly contain malicious code that initiates the download of this malware.
Our research has shown that DeriaLock Ransomware works similarly to many other ransomware-type programs. If you open the malicious file attached to the email, it will download its main executable named LOGON.exe to %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup and launch it immediately. This program encrypts files secretly, and once the encryption is complete it will render a dialog box with a message that reads "Hey, I encrypted your Private files! to get your files back follow the instructions!" Note that it encrypts all files located in %USERPROFILE% and its subfolders. And it adds the “.daria” file extension to the end of the file name. Changing the extension will not decrypt the files, however. It is worthy of a note that this ransomware encrypts .exe and .dll files in addition to various file formats that contain images, videos, documents, and so on. This ransomware was designed to target file formats that are likely to feature personal information for which you would be more willing to pay the ransom.
Once the encryption is complete, it will open Its User Interface window claiming that all your files were encrypted. The cyber criminals behind this ransomware claim that DeriaLock Ransomware will delete some of your files if you try to delete it. Also, they claim that it will delete all of your files if you do not pay until the timer runs out. The timer is set to run out in 24 hours. The criminals ask you to pay 20 US dollars or 20 Euros, but we would like to point out that there is no guarantee that your files will be decrypted once you have paid. The program might not register the payment, or the developers might not have implemented an automatic decryption on payment feature.
You can try paying the ransom because it is not a lot of money, but if you do not want to pay it then you should consider removing this ransomware entirely. Do now worry about the claims to delete all of your files because this program will not do that. However, you will need to boot your computer in Safe Mode to actually use it and go to the folder where the executable is stored and get rid of it. You can do this manually, or you can install an anti-malware program such as SpyHunter to do that for you.
Boot your PC in Safe Mode With Networking
Windows 7 and Vista
Remove delete LOGON.exe