Danger level 9
Type: Trojans
Common infection symptoms:
  • Can't be uninstalled via Control Panel
  • Block exe files from running
  • Connects to the internet without permission

DeriaLock Ransomware

If you are not careful opening email attachments, then your computer might become infected with DeriaLock Ransomware, a dangerous computer infection that was designed to encrypt most of the files on your PC and demand that you pay money for the decryption key. Also, it will prevent you from using your PC entirely as it locks the computer screen and blocks Task Manager from running to prevent you from terminating the process of this ransomware. Removing this program is highly recommended, but if you want to find out more, please read this whole article.

Our research has revealed that this particular application is distributed using malicious email attachments. The emails are known to be sent from a dedicated email server, and they masquerade as legitimate invoices, tax return forms, or business correspondence of some kind. The text is not important because such emails usually do not contain much of it. The important thing here is the attached file, which may look like a regular Word or PDF file but secretly contains malicious code that initiates the download of this malware.

Our research has shown that DeriaLock Ransomware works similarly to many other ransomware-type programs. If you open the malicious file attached to the email, it will download its main executable named LOGON.exe to %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup and launch it immediately. This program encrypts files secretly, and once the encryption is complete it will render a dialog box with a message that reads "Hey, I encrypted your Private files! to get your files back follow the instructions!" Note that it encrypts all files located in %USERPROFILE% and its subfolders, and it adds the “.daria” file extension to the end of the file name. Changing the extension will not decrypt the files, however. It is worth noting that this ransomware encrypts .exe and .dll files in addition to various file formats that contain images, videos, documents, and so on. This ransomware was designed to target file formats that are likely to feature personal information for which you would be more willing to pay the ransom.

Once the encryption is complete, it will open its user interface window claiming that all your files were encrypted. The cyber criminals behind this ransomware claim that DeriaLock Ransomware will delete some of your files if you try to delete it. They also claim that it will delete all of your files if you do not pay before the timer runs out. The timer is set to run out in 24 hours. The criminals ask you to pay 20 US dollars or 20 Euros, but we would like to point out that there is no guarantee that your files will be decrypted once you have paid. The program might not register the payment, or the developers might not have implemented an automatic decryption-on-payment feature.

You can try paying the ransom because it is not a lot of money, but if you do not want to pay it then you should consider removing this ransomware entirely. Do not worry about the claims to delete all of your files because this program will not do that. However, you will need to boot your computer in Safe Mode to actually use it, then go to the folder where the executable is stored and get rid of it. You can do this manually, or you can install an anti-malware program such as SpyHunter to do that for you.

Boot your PC in Safe Mode With Networking

Windows 10/8.1/8

  1. Press the Windows Key.
  2. Type Change advanced startup options in the search window and press Enter.
  3. Under the Recovery tab, select the Restart now option under Advanced startup.
  4. Select Troubleshoot.
  5. Select Advanced options and go to Startup Settings.
  6. Click the Restart button.
  7. Select Enable Safe Mode with Networking by pressing 5.

Windows 7 and Vista

  1. Open the Start menu and click Restart.
  2. Press and hold the F8 key as your computer restarts.
  3. On the Advanced Boot Options screen, select Safe Mode with Networking, and then press Enter.

Windows XP

  1. Click the Start button and then click Restart.
  2. Press and hold the F8 key as your computer restarts.
  3. On the Advanced Boot Options screen, select Safe Mode with Networking, and then press Enter.

Delete LOGON.exe

  1. Press Win+E keys.
  2. Enter %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup in the address box and hit Enter.
  3. Find LOGON.exe.
  4. Right-click it and click Delete.
  5. Empty the Recycle Bin.
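
The same check and removal can be scripted from a PowerShell prompt in Safe Mode. The script below is an added example, not part of the original guide: it looks only for the indicators named in this article (LOGON.exe in the Startup folder and files ending in .daria under %USERPROFILE%), records the executable's SHA-256 before deleting it, and asks for confirmation first. The function names Get-DeriaLockArtifact and Remove-DeriaLockDropper are hypothetical, and PowerShell 4.0 or later is assumed.

```powershell
# Added example: checks only the indicators named in this article.
function Get-DeriaLockArtifact {
    [CmdletBinding()]
    param(
        # Defaults follow the article; override them to inspect another profile.
        [string]$StartupDir  = (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'),
        [string]$ProfileRoot = $env:USERPROFILE,
        [string]$Extension   = '.daria'
    )

    $dropper = Join-Path $StartupDir 'LOGON.exe'
    $present = Test-Path -LiteralPath $dropper -PathType Leaf

    # Hash the executable before removal so it can be reported or matched elsewhere.
    $sha256 = $null
    if ($present) {
        $sha256 = (Get-FileHash -LiteralPath $dropper -Algorithm SHA256).Hash
    }

    # Inventory encrypted files; folders that cannot be read are skipped, not fatal.
    $encrypted = @(Get-ChildItem -LiteralPath $ProfileRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -ieq $Extension })

    [pscustomobject]@{
        DropperPath    = $dropper
        DropperPresent = $present
        DropperSha256  = $sha256
        EncryptedCount = $encrypted.Count
        EncryptedFiles = $encrypted.FullName
    }
}

function Remove-DeriaLockDropper {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)][string]$DropperPath)

    # Stop a running copy first, matching on the full image path, not the name alone.
    Get-Process -Name 'LOGON' -ErrorAction SilentlyContinue |
        Where-Object { $_.Path -eq $DropperPath } |
        Stop-Process -Force

    if ((Test-Path -LiteralPath $DropperPath) -and $PSCmdlet.ShouldProcess($DropperPath, 'Delete')) {
        Remove-Item -LiteralPath $DropperPath -Force
    }
}

$report = Get-DeriaLockArtifact
$report | Format-List DropperPath, DropperPresent, DropperSha256, EncryptedCount
if ($report.DropperPresent) { Remove-DeriaLockDropper -DropperPath $report.DropperPath }
```

Running Remove-DeriaLockDropper with -WhatIf shows what would be stopped and deleted without changing anything. The list in EncryptedFiles is an inventory only; removing LOGON.exe does not decrypt those files.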