Deos Ransomware

Experiencing an infection with the Deos Ransomware for the first time may be a bit scary because this crypto-threat uses a ransom message that may trick users into thinking that they are dealing with a well-crafted, state-of-the-art file encryption Trojan. However, the good news is that the only fancy thing about the Deos Ransomware is its ransom note, and its primary features are quite lackluster because this threat is based on the HiddenTear project. HiddenTear variants have been on the rise in the last few weeks, and security researchers have encountered several other threats based on the same project – the MoWare H.F.D Ransomware, the Decryption Assistant Ransomware and the Kee Ransomware. Just like the latter three, the Deos Ransomware is also decryptable, and victims of this threat would be able to use a free decryption utility to recover their files.

The Deos Ransomware is programmed to identify and encrypt the contents of files with one of the following twenty extensions:

.asp, .aspx, .csv, .doc, .docx, .html, .jpg, .mdb, .odt, .php, .png, .ppt, .pptx, .psd, .sln, .sql, .txt, .xls, .xlsx, .xml.

When a file’s content is encrypted, the Deos Ransomware also modifies the name of the file by appending the ‘.locked’ extension to it. This is the default file extension used by the HiddenTear project, so it is possible that future variants of the Deos Ransomware may use a custom file extension to mark the encrypted files. Once the attack is complete, the Deos Ransomware will display a ransom note screen, which tells victims that they have to pay a ransom of 0.1 BTC to decrypt their files.

‘ALERT !
ALL YOUR FILES HAVE BEEN ENCRYPTED
THE KEY FOR DECRYPTION IS STORED ON OUR PRIVATE SERVER, TO GET IT YOU NEED TO
PAY A RANSOM IN BITCOIN OF 0.1 BTC TO THE FOLLOWING ADDRESS:
1XU9D0WA0IDWAI0DAWWDA09
AFTER PAYMENT, INSERT THE
TRANSACTION URL IN THE SPACE BELOW AND WAIT FOR DECRYPT.
THERE IS NO OTHER WAY TO DECRYPT YOUR FILES, EXCEPT PAYING.
YOUR KEY WILL BE DESTROYED AFTER THE TIMER REACHES 0.’

It is likely that the Deos Ransomware is not yet finished because the authors have not included any contact details. In addition to this, the Bitcoin wallet address included in the ransom note is invalid, so sending payments to it is impossible. Even if paying the ransom sum were possible, the victims of the Deos Ransomware would not need to do that thanks to the threat’s flawed encryption algorithm. The best solution when your data has been taken hostage by the Deos Ransomware or another HiddenTear variant is to use an anti-malware software suite to eliminate the malevolent files. After this stage is complete, users can run a free HiddenTear decryptor to get their files back.
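
Before running a decryptor, it helps to know which files were affected. The naming pattern described above (one of the twenty listed extensions followed by ‘.locked’) can be searched for directly. The Python script below is an added example, not part of the original post or of any vendor tool; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# The twenty extensions the article lists as targets.
TARGETED = {".asp", ".aspx", ".csv", ".doc", ".docx", ".html", ".jpg", ".mdb",
            ".odt", ".php", ".png", ".ppt", ".pptx", ".psd", ".sln", ".sql",
            ".txt", ".xls", ".xlsx", ".xml"}


def find_locked(root, marker=".locked"):
    """Return (hits, per_extension) for files named <name><targeted ext><marker>.

    marker is a parameter because the article notes that future variants
    may replace the HiddenTear default extension with a custom one.
    """
    hits, per_ext = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, last = os.path.splitext(name)
            if last.lower() != marker.lower():
                continue
            inner = os.path.splitext(stem)[1].lower()
            # Require a targeted inner extension so unrelated *.locked
            # files (lock files from other software) are not reported.
            if inner in TARGETED:
                hits.append(os.path.join(dirpath, name))
                per_ext[inner] += 1
    return sorted(hits), per_ext


def demo():
    """Build a constructed directory tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel in ("docs/report.docx.locked", "docs/Budget.XLSX.LOCKED",
                    "photo.jpg.locked", "notes.txt", "db.locked",
                    "archive.zip.locked"):
            open(os.path.join(root, rel), "w").close()
        hits, per_ext = find_locked(root)
        rel_hits = [os.path.relpath(h, root).replace(os.sep, "/") for h in hits]
        return rel_hits, dict(per_ext)


if __name__ == "__main__":
    paths, counts = demo()
    print(paths, counts)
```

The per-extension counts give a quick inventory to compare against after decryption, and the list of hits can be copied to offline storage first so the encrypted originals survive a failed decryption attempt.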
This post first appeared on SpywareRemove.