Darus Ransomware
An increasing number of cyber crooks opt to create ransomware threats that are based on already existing data-locking Trojans, which have been successful in generating revenue. This is easier than building a brand new ransomware threat from scratch certainly. One of the newest such Trojans is the Darus Ransomware. This file-encrypting Trojan is a variant of the widely known STOP Ransomware.
Spreading and Encryption
It is not yet clear what propagation method the authors of the Darus Ransomware are employing in the spreading of their creation. Some malware experts believe that it is likely that this Trojan may be propagating via spam emails that contain macro-laced attachments, infected pirated applications, which are downloaded from unsafe sources and fraudulent software updates. Once the Darus Ransomware finds its way into your system, it will scan it. This way, the Darus Ransomware will determine the locations of the files, which it targets. Then, the encryption process begins. All the newly locked files will have their extensions altered once they go through the encryption process of the Darus Ransomware. This data-locking Trojan adds a ‘.darus’ extension to the end of the filename. For example, an audio file, which was called ‘pink-shark.mp3’ originally will be renamed to ‘pink-shark.mp3.darus.’
The Ransom Note
Next, the Darus Ransomware drops a ransom note called ‘_readme.txt.’ This is typical behavior for a ransomware threat that belongs to the STOP Ransomware family, as most of them use this ransom note name. The note states:
’ATTENTION!
Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-WbgTMF1Jmw
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail:
gorentos@bitmessage.ch
Reserve e-mail address to contact us:
varasto@firemail.cc
Our Telegram account:
@datarestore
Mark Data Restore
Your personal ID:’
The attackers do not mention a specific ransom fee. They offer the user two email addresses where they can be contacted – ‘gorentos@bitmessage.ch’ and ‘varasto@firemail.cc.’ Additionally, the victim can also contact them on Telegram @datarestore.
We advise you against paying cybercriminals. Not only is there no guarantee that you will receive a decryption key, but your money will go to fund their criminal activity in the future. Instead, you should download and install a reputable anti-malware application, which will wipe off the Darus Ransomware from your PC.
