
Darus Ransomware

Posted: July 22, 2019

The Darus Ransomware is a file-locker Trojan from the STOP Ransomware family. Its attacks can block files on your computer by encrypting them, change their extensions, deliver ransom messages, and wipe your backups. Have anti-malware products remove the Darus Ransomware on sight and save secure backups for recovering anything that it attacks.

The Trojan Family Floating Around Island Nations

Southeast Asia remains a consistent target for the STOP Ransomware family, whose successive version updates may add convenient features for the criminals who rent it but make little difference to how it extorts money. This Ransomware-as-a-Service family has maintained a high level of activity since early 2018, if not earlier. The Darus Ransomware is the most recent release to date, with a higher edition number than older cousins like the Djvu Ransomware, the Rumba Ransomware, the Neras Ransomware, or even July's Lokas Ransomware.

Much as banking Trojans often appear in South American nations like Brazil, threat actors using the STOP Ransomware family often focus on island nations in Asia. Among these, malware experts can confirm that the Darus Ransomware has successfully compromised victims in Malaysia, Indonesia and the Philippines. One infection tactic among Trojans of the same lineage is manually hacking vulnerable Web servers that run outdated software, leave RDP exposed, or use brute-forcible passwords. Otherwise, the Darus Ransomware may spread through illicit torrents and similarly suspicious downloads.

The Darus Ransomware damages locally-saved media, including documents, databases, images and other formats, by encrypting it with a conventional combination of the AES and RSA algorithms. Ordinarily, recovery chances for these files are less than one in ten. However, users fortunate enough to be hit by the offline variant of its payload, which uses a hard-coded key instead of an externally supplied one, have better odds of unlocking their media through public decryption services.

Shipping the Darus Ransomware Back to the Seas

Although half a dozen victims are reporting attacks by the Darus Ransomware blocking their files, users can protect themselves against any further spread of this threat. First and foremost, malware experts always encourage avoiding illegitimate or risky download sources, especially for pirated games or other media, which are a favorite installation method for file-locking Trojans. Secondly, implementing appropriate security practices for any Web servers you administer will limit attacks of opportunity against them, such as abuse of WordPress software vulnerabilities or guessing of factory-default login credentials.

The Darus Ransomware, like the majority of file-locking Trojans, includes precautions against the user's Windows backups. Malware experts suggest saving additional backups to secondary locations, such as removable devices, to guarantee that you can recover anything the Darus Ransomware attacks. Paying the fee specified in its ransom note does not promise any recovery and can cause financial losses for no benefit.
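A secondary backup is only useful if you can tell that it is still intact and that the live copy has been tampered with. The following Python script is an added example, not code from the original article or from any decryption project: it records a SHA-256 manifest of a file set and later compares a copy against it, reporting files that were overwritten, files whose original names are gone (as happens when a file-locker appends a new extension), and unexpected new files such as a dropped ransom note. The sample files, the `.locked` extension and the `README_PLACEHOLDER.txt` note name are constructed for the demonstration and are not the Darus Ransomware's real artifacts.

```python
"""Added example (not from the original article): build a SHA-256 manifest
of a backup set, then verify a copy against it and flag ransomware-style
mass damage (overwritten or renamed files plus unexpected new files)."""
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in 64 KiB chunks so large media is fine."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's POSIX-style path relative to root to its digest."""
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the tree under root against a stored manifest.

    modified   - tracked files whose content changed (overwritten in place)
    missing    - tracked names no longer present (e.g. renamed with a new extension)
    unexpected - files not in the manifest (renamed originals, ransom notes)
    """
    current = build_manifest(root)
    return {
        "modified": sorted(n for n in manifest if n in current and current[n] != manifest[n]),
        "missing": sorted(n for n in manifest if n not in current),
        "unexpected": sorted(n for n in current if n not in manifest),
    }


def looks_like_mass_tampering(report: dict, tracked: int, threshold: float = 0.5) -> bool:
    """Heuristic: normal editing touches a few files; a file-locker touches most of them.
    Flag when more than `threshold` of the tracked files are modified or missing."""
    damaged = len(report["modified"]) + len(report["missing"])
    return tracked > 0 and damaged / tracked > threshold


def demo() -> tuple:
    """Constructed scenario: write sample files, record the manifest, then simulate
    file-locker damage and verify. Returns (report, flagged)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "report.docx").write_bytes(b"quarterly figures")
        (root / "photo.jpg").write_bytes(b"\xff\xd8\xff sample image bytes")
        (root / "notes.txt").write_bytes(b"meeting notes")
        (root / "keep.bin").write_bytes(b"left alone")
        manifest = build_manifest(root)

        # Simulated damage (constructed, not the real malware's behaviour):
        # two files overwritten and renamed with a new extension, one overwritten
        # in place, and a note dropped under a placeholder name.
        for name in ("docs/report.docx", "photo.jpg"):
            p = root / name
            p.write_bytes(b"\x00placeholder-ciphertext")
            p.rename(p.with_name(p.name + ".locked"))
        (root / "notes.txt").write_bytes(b"\x00placeholder-ciphertext")
        (root / "README_PLACEHOLDER.txt").write_bytes(b"constructed ransom note")

        report = verify_manifest(root, manifest)
        return report, looks_like_mass_tampering(report, len(manifest))


if __name__ == "__main__":
    rep, flagged = demo()
    for key in ("modified", "missing", "unexpected"):
        print(f"{key}: {rep[key]}")
    print("mass tampering suspected:", flagged)
```

In practice you would store the manifest alongside the offline copy (on the removable device, not on the machine being backed up) and run `verify_manifest` against both the live tree and the backup before restoring, so that a copy taken after the infection is not mistaken for a clean one.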

Keeping one's anti-malware products up to date is advisable in all cases. It's especially relevant to this threat, however, which is one of the most recent versions of the family; removing the Darus Ransomware may only be possible with equally well-maintained security solutions.

The Darus Ransomware is finding quite the foothold on several shores, but it's not likely that the victims are wholly innocent. Downloading a 'free' movie or leaving a guessable password in place is all the invitation that the newest STOP Ransomware progeny needs.
