Darus Ransomware

What is Darus Ransomware?

Darus Ransomware is the kind of threat that can make your life miserable. This infection encrypts files, and if you do not have backups stored outside the infected system, you are unlikely to recover them. That means that if this infection slithers in, it might successfully destroy your personal files, so to speak. To drop the infection onto your operating system without your notice, its creator is likely to set up misleading emails with fake attachments or exploit RDP vulnerabilities. If you do not detect and remove Darus Ransomware right away, it starts its malicious attack not long after. First, it disables the Task Manager to make it impossible for you to terminate malicious processes and then delete the infection. Also, the threat drops files that can encrypt files, mimic a fake Windows Update screen, and even disable Windows Defender. Without a doubt, this infection is strong enough to make a lasting impact. If you want to learn about erasing the threat, the recovery of files, and the security of your system, please keep reading.

Do you know what Darus Ransomware is?

According to our malware research team, Darus Ransomware comes from the STOP Ransomware family, just like Skymap Ransomware, INFOWAIT Ransomware, Guvara Ransomware, Kiratos Ransomware, and many others. For the most part, these infections function in the same manner, and they usually present the same demands; however, it is likely that they are operated by different malicious parties who are simply using publicly available malware code. This might be why some unique traits exist as well. For example, after the files are encrypted by Darus Ransomware, the “.darus” extension is added to their names. Although you can remove this extension by renaming the file, there is no reason to do it because your files will remain encrypted afterward. It appears that the extension was created so that you could spot the corrupted files right away. Before that, however, you are likely to spot the “_readme.txt” file. It is a text file, and, therefore, is safe to open, but do not forget to remove it along with the infection.

According to the information that is presented in the text file, the creator of Darus Ransomware encrypted your files so that they could demand money from you. They propose purchasing a decryption tool and a unique key for $490 (within three days) or $980 (after three days). To get more information about the payment, victims are asked to send messages to gorentos@bitmessage.ch and gorentos2@firemail.cc, or to @datarestore via Telegram. Do you think it is a good idea to contact the attackers? Well, it is not, because they could terrorize you after you pay the ransom, and they are unlikely to give you what you need even after you pay it. Remember that the creator of Darus Ransomware is a cybercriminal, and they earn money using deception and tricks. If you trust them to do the right thing, you are likely to regret getting involved in the first place. Save your money, and invest it into software that will help you delete the infection and secure your operating system against invaders in the future.

How to remove Darus Ransomware

Before you delete Darus Ransomware, check your backups on external drives and cloud storage to see whether or not you can replace the corrupted files. Hopefully, you can, because restoring files corrupted by the infection appears to be impossible. You can take the risk of paying the ransom in return for the decryptor if you wish, but our research team warns that you are unlikely to recover your files that way. Whatever happens, you need to remove Darus Ransomware from your operating system, and while you can try to delete this infection manually using the guide below, it is time to consider installing anti-malware software. This software can automatically erase all active infections, and it can also ensure that new file-encryptors and other threats cannot attack your operating system again. If you still do not know what to do, post your questions in the comments section, and our research team will address them ASAP.

Removal Instructions

  1. Right-click and Delete the file named _readme.txt (if copies exist, erase them too).
  2. Tap Win+R keys to launch Run and then type regedit into the box to launch Registry Editor.
  3. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  4. Right-click and Delete the value named SysHelper if its value data points to a malicious .exe file.
  5. Tap Win+E keys to launch Windows Explorer, via which you can access different directories.
  6. Enter %LOCALAPPDATA% (%USERPROFILE%\Local Settings\Application Data\) into the quick access field.
  7. Right-click and Delete all folders (with random names) containing malicious .exe files, as well as files named updatewin.exe, updatewin2.exe, and script.ps1.
  8. Enter %WINDIR%\System32\Tasks\ into the quick access field.
  9. Right-click and Delete the task named Time Trigger Task.
  10. Empty Recycle Bin and then inspect your system for leftovers using a legitimate malware scanner.
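Before deleting anything by hand, it helps to confirm which of the artifacts named in the steps above are actually present. The following PowerShell script is an added example, not part of the original guide: it only reports the Run value, dropped files, scheduled task, ransom notes, and ".darus" files described in this article, and deletes nothing. It assumes Windows PowerShell 5.1 on a system where Get-ScheduledTask is available; the indicator names are taken from the removal steps.

```powershell
# Added audit script (not from the article): lists Darus Ransomware artifacts
# named in the removal steps without removing them, so findings can be reviewed
# or handed to a malware scanner first.

$findings = @()

# Step 4: autorun value named SysHelper in the per-user Run key
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['SysHelper']) {
    $findings += [pscustomobject]@{ Type = 'RunKey'; Location = $runKey; Detail = $run.SysHelper }
}

# Step 7: dropped components anywhere under %LOCALAPPDATA%
$dropNames = 'updatewin.exe', 'updatewin2.exe', 'script.ps1'
Get-ChildItem -Path $env:LOCALAPPDATA -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $dropNames -contains $_.Name } |
    ForEach-Object {
        $findings += [pscustomobject]@{ Type = 'DroppedFile'; Location = $_.FullName; Detail = "$($_.Length) bytes" }
    }

# Step 9: scheduled task named "Time Trigger Task" (and what it executes)
$task = Get-ScheduledTask -TaskName 'Time Trigger Task' -ErrorAction SilentlyContinue
if ($task) {
    $exe = ($task.Actions | ForEach-Object { $_.Execute }) -join ';'
    $findings += [pscustomobject]@{ Type = 'ScheduledTask'; Location = $task.TaskPath; Detail = $exe }
}

# Step 1 and extent of encryption: ransom notes and ".darus" files in the user profile
$hits = Get-ChildItem -Path $env:USERPROFILE -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -eq '_readme.txt' -or $_.Extension -eq '.darus' }
$noteCount = @($hits | Where-Object { $_.Name -eq '_readme.txt' }).Count
$encCount  = @($hits | Where-Object { $_.Extension -eq '.darus' }).Count
$findings += [pscustomobject]@{
    Type = 'Summary'; Location = $env:USERPROFILE
    Detail = "ransom notes: $noteCount; .darus files: $encCount"
}

# Print the report; an empty RunKey/DroppedFile/ScheduledTask set with zero
# notes suggests the steps above have already been completed.
$findings | Format-Table -AutoSize
```

Because the infection disables the Task Manager, run the script from an elevated PowerShell prompt and treat any DroppedFile or ScheduledTask hit as a sign that malicious processes may still be running.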

