Defray Ransomware

The appearance of Defray Ransomware on your system would probably be the worst nightmare and biggest devastation that you have ever seen on your PC. It seems so far though that this dangerous ransomware threat has only been targeting specific corporations in the UK and the US. Since it encrypts all important files on a system and demands thousands of dollars for the decryption key, you can imagine how many private users could afford it. This vicious threat was coded in C++ and uses multiple encryption algorithms for best security against hackers. Unfortunately, there is no other way to recover your files once this beast has hit you than paying the ransom fee. We never encourage anyone to do so because that would be like supporting cybercrime. In fact, we recommend that you remove Defray Ransomware immediately if you want to be able to restore your PC. Please continue reading our article if you would like to find out more about this severe threat and how you may be able to defend your PC against similar hits.

This ransomware has been found spreading in phishing e-mails that are custom-made for each targeted company. This mails contains a Microsoft Word document as an attachment that is indeed the executable malicious file since it hides macro code that can download and initiate this attack in the background. You may believe that this document is something important for you to check in relation to an online hotel room or flight booking, or some issue with your credit card details. In any case, this e-mail can be very convincing and misleading, no wonder how and why victims have fallen for it. For starters, the sender name and e-mail address pair can look totally authentic and believable. Then, there is the subject line that can convince even more experienced computer users to want to open this mail. However, if you open this mail, you will be quite likely to want to see the attachment as well since this mail will not really reveal any details about the supposed subject matter. These phishing mails have been targeting mainly companies in the areas of Education and Healthcare as well as Manufacturing and Technology. Please note that just because you delete Defray Ransomware, it does not mean that your files will be recovered. Unfortunately, by the time you have an opportunity to eliminate this threat, all your important files will have been encrypted beyond repair and thus rendered useless.

According to its ransom note, this dangerous ransomware program "uses AES-256 for encrypting files, RSA-2048 for storing encrypted AES-256 password and SHA-2 for keeping the encrypted file integrity." In fact, this malicious threat creates two types of ransom note files on your system. First, it places one file called "HELP.txt" on your desktop and another called "FILES.TXT" in every folder where files have been encrypted. Strangely enough, this infection does not modify the file name and does not add its own extension either. Apart from encrypting all the important documents, images, archives, project files, and program files, it also deletes the shadow volume copies, system logs, prevents PC from going to sleep, and disables startup recovery. We could say that this is a professional attack that tries to leave no room for mistakes.

This ransomware program also disables .exe files as well as your Task Manager and other main processes, so at first you would definitely think that there is something seriously wrong with your PC. In fact, the ransom note instructs you to "contact someone from IT department" to handle this attack. These cyber crooks demand as much as 5000 USD worth of Bitcoins in return for the decryption key. You are supposed to write an e-mail to contact these criminals to one of three provided addresses: glushkov@protonmail.ch, glushkov@tutanota.de, and igor.glushkov.83@mail.ru. Of course, we cannot tell big corporations what to do since their databases and project files could store extremely sensitive and personal data. It is quite likely that their IT department will not be able to do anything either to recover these files unless they have recent backups that have not been touched by this malicious attack. In any case, we never advise individuals to contact cyber criminals or to pay them any money. As usual, we recommend that you delete Defray Ransomware as soon as possible.

Finally, it is time to talk about solutions. If you cannot use your Task Manager (Ctrl+Shift+Esc) to kill the malicious process or open your File Explorer, it means that these processes are still blocked by this dangerous ransomware. We have found that this block may be released after five minutes or so that could be due to a program crash. So in case you cannot start these programs, you can always restart your computer. Then, you can delete the related program and all suspicious files you have recently downloaded. Please follow our instructions below if you believe that you can identify suspicious programs. If not, we advise you to use a reliable anti-malware program that can automatically detect and eliminate all known malicious threats and more. A security tool like SpyHunter can make your virtual world a safe place to be.

How to remove Defray Ransomware from Windows

1. Press Win+E.
2. Check the default and your chosen download folders (Desktop, Downloads, %Temp%) for any suspicious files and delete them.
3. Delete all the ransom note files on your system.
4. Empty your Recycle Bin.
5. Restart your computer.