Darus virus. How to decrypt .darus files?

Written by Brendan Smith
Currently, the Darus virus is attacking a wide range of computers in various parts of the world. The scale of its distribution and the severity of the infection require you to react immediately, before Darus turns all your important data into files that cannot be opened.
This article intends to assist you in deleting Darus Virus Ransomware at no cost. Our guide also shows how any Darus file can be restored.

Darus – How bad is it?

Darus can be described as a typical ransomware-type threat.
The term “ransomware” actually means the software that performs some malicious modifications with your files and asks you to pay the ransom to get them back to the initial state. Darus was first discovered by Michael Gillespie1.

The infection belongs to the Djvu ransomware family, and Darus is not much different from other samples of it: it encrypts all popular file types, and as soon as a file is encrypted the user can no longer open it. Darus appends the “.darus” extension to each file it encrypts. For instance, the file “my-photo.jpg”, once encrypted by Darus, becomes “my-photo.jpg.darus”. When encryption completes, Darus generates a text file (for example “_readme.txt”) and places it in every folder that contains encrypted data.
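As an added example (not part of the original article and not a GridinSoft or STOPDecrypter tool), the following Python script shows how a defender can triage a machine for the indicators just described: files carrying the appended “.darus” extension and “_readme.txt” notes that contain phrases from the ransom note quoted later in this article. It builds a small constructed sample tree in a temporary directory to run against; the folder and file names in that tree are invented for the demo.

```python
"""Triage helper: locate files carrying the ".darus" extension and the
"_readme.txt" ransom notes described in the article, and summarise which
directories were touched. Added example, not part of the original article
and not code from any GridinSoft product. The sample tree is constructed."""
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_EXT = ".darus"      # extension the article says Darus appends
RANSOM_NOTE = "_readme.txt"   # note file name quoted in the article
# Phrases taken from the ransom note quoted in the article; used to tell a
# real note apart from an unrelated file that happens to share the name.
NOTE_MARKERS = (
    "Don't worry, you can return all your files!",
    "Price of private key and decrypt software",
)


def looks_like_note(path):
    """Confirm a candidate _readme.txt contains phrases from the ransom note."""
    try:
        text = path.read_text(errors="replace")
    except OSError:
        return False
    return any(marker in text for marker in NOTE_MARKERS)


def scan_tree(root):
    """Walk `root`; return (encrypted files, ransom notes, per-directory counts)."""
    encrypted, notes = [], []
    per_dir = Counter()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if name.endswith(ENCRYPTED_EXT):
                encrypted.append(path)
                per_dir[dirpath] += 1
            elif name == RANSOM_NOTE and looks_like_note(path):
                notes.append(path)
    return encrypted, notes, per_dir


def original_name(path):
    """'my-photo.jpg.darus' -> 'my-photo.jpg' (the article's own example)."""
    name = str(path)
    return name[: -len(ENCRYPTED_EXT)] if name.endswith(ENCRYPTED_EXT) else name


def build_sample_tree():
    """Constructed sample tree for the demo: two folders hit, one untouched."""
    root = Path(tempfile.mkdtemp(prefix="darus-demo-"))
    for folder in ("Pictures", "Docs", "Clean"):
        (root / folder).mkdir()
    (root / "Pictures" / "my-photo.jpg.darus").write_bytes(b"\x00" * 16)
    (root / "Pictures" / "_readme.txt").write_text(
        "ATTENTION!\nDon't worry, you can return all your files!\n")
    (root / "Docs" / "report.docx.darus").write_bytes(b"\x00" * 16)
    (root / "Docs" / "_readme.txt").write_text(
        "Price of private key and decrypt software is $980.\n")
    (root / "Clean" / "notes.txt").write_text("nothing to see\n")
    # Same file name but not a ransom note: must not be counted.
    (root / "Clean" / "_readme.txt").write_text("my own readme, not a ransom note\n")
    return root


def summarize(root):
    """Counts plus the folder and original file names an analyst would report."""
    encrypted, notes, per_dir = scan_tree(root)
    return {
        "encrypted_count": len(encrypted),
        "note_count": len(notes),
        "hit_dirs": sorted(Path(d).name for d in per_dir),
        "originals": sorted(Path(original_name(p)).name for p in encrypted),
    }


if __name__ == "__main__":
    print(summarize(build_sample_tree()))
```

Point it at a real volume by calling `summarize("D:\\")` (or any mount point) instead of the sample tree; the marker check on the note body is what keeps an ordinary file named `_readme.txt` from inflating the count.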

The ransom note produced by Darus is literally the same as the alerts shown by other ransomware samples from the Djvu family. It states that the information has been encrypted and that the only remedy is to apply a unique decryption key (decryptor). Regrettably, this is an absolutely true statement.

The particular cryptographic scheme implemented by Darus has not yet been fully researched. What is certain is that each user whose data has been encrypted is assigned a unique decryption key, and there are no other variants of it. It is quite unlikely that users will manage to recover the data without that key.

Once Darus is active, victims have no way to access the key, which is stored on a remote server controlled by the criminals behind Darus ransomware.

To obtain the key and restore the necessary data, users are forced to pay the ransom, which equals $980. To get the payment information, users are told to get in touch with the criminals by sending an email or by Telegram.

The note also states that victims should contact the Darus representatives within 72 hours of the data encryption. It indicates that those who get in touch within 72 hours will be given a 50% discount, so the ransom is reduced to $490. Nonetheless, no matter what the requested sum is, you should not pay the ransom!

What about paying the Darus ransom?

If you believe that paying the demanded ransom is the right solution, I need to mention a few things peculiar to that option. The crook operating the ransomware certainly wants you to believe that there is truly no other way to restore the data.

As you might expect, the ransom is generally meant to be transferred under specific pre-defined rules. Often this is done using Bitcoin as the transfer currency. Bitcoin is the preferred option for cyber frauds because such transfers are extremely unlikely to be traced.

Because of this feature, bitcoins are favoured by hackers who intend to scare the targeted users with a ransomware virus. The use of such hard-to-trace virtual currency is the key reason why almost all ransomware operators manage to remain anonymous after completing their fraudulent goals.

Nevertheless, in many cases even paying the demanded ransom does not help the victims, as it is quite likely that they will never receive any file-decryption data. In situations like these it is very important that the user tries all other available options first; paying the money is certainly not a good idea and must not be the main solution.

Do not pay for ransomware

Online crooks cannot be trusted; they do not care at all what you feel about the trouble with your data, even when you do pay the ransom. For this reason, paying the amount these frauds ask for does not bring a positive resolution to your problem, and you simply waste your money for absolutely nothing.

I strongly recommend that you do not get in touch with these frauds and do not send money into their pockets. Currently, there are no applications capable of cracking Darus ransomware or restoring the encrypted information at no cost. Hence, the only feasible solution is to restore the lost information from a backup, as long as one is available.

Darus virus message

The alert demanding that users pay the ransom to decrypt the compromised data contains these frustrating warnings.

You ought to be aware that the online realm is currently full of infections that look pretty much the same as the Darus virus. Hazardous applications classified as ransomware are generally developed to encrypt crucial files and demand that the victim transfer the ransom amount into the pockets of the frauds behind them.

A common feature of all such ransomware infections is that they rely on a similar mechanism for generating the standalone decryption key that decrypts the compromised data.

Hence, unless the ransomware is still under development or has some hidden flaws, manually restoring the data is something you cannot really do. The only remedy against losing your important files is to back them up regularly.

Keep in mind that even if you make such backups, they must immediately be put into a separate location that is not connected to your main workstation.

For example, the backup may be stored on a USB flash drive or some other external hard drive. Alternatively, you may use an online (cloud) storage service.

Of course, if you keep your backup on your regular system, it can easily be encrypted along with your other documents.

Hence, storing the backup on your main PC is certainly not a reasonable decision.

How does Darus attack the PC?

Darus uses different methods to get a foothold in the system. It is not certain which particular method was used to infiltrate your system.

How does a Darus infection attack your PC?

Darus ransomware attack following a successful phishing attempt.

However, these are the channels through which it may enter your system:

  • concealed installation together with other programs, especially the ones promoted on a free basis;
  • links to Darus contained in unsolicited spam mail;
  • online free hosting services;
  • illegal crack downloads from peer-to-peer (P2P) resources.

There have been instances when Darus ransomware was presented as a legitimate app, for example in alerts suggesting that you perform some necessary software or browser update. This is typically how online crooks try to convince you to install the Darus threat manually, through your own role in the installation procedure.

Of course, the fake update alert will not mention that you are about to install ransomware. The installation will be disguised behind a claim that you supposedly need to update Adobe Flash Player or some other software.

Needless to say, cracked programs are not safe either. Downloading them is illegal in the first place, and additionally they may inject dangerous applications into your system, including Darus ransomware.

So, what can you do to prevent Darus from taking root in your system? Although there is no 100% guarantee against your PC getting infected, there are some recommendations I want to give you to avoid a Darus intrusion. You ought to be careful while installing free applications.

Take time to read what the installers offer in addition to the main free software. You also need to be careful not to open insecure email attachments, especially if you are not familiar with the sender. It is very important that your existing anti-malware software is properly updated.

As mentioned, some malicious utilities may perform their dangerous functions secretly in your system. I recommend that you scan your system with proper anti-malware software to identify possible gaps in your system security.

The message by the Darus ransomware states the following frustrating information:

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-WbgTMF1Jmw
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
gorentos@bitmessage.ch

Reserve e-mail address to contact us:
varasto@firemail.cc

Our Telegram account:
@datarestore
 
Your personal ID:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

The image below shows files with “.darus” extension appended by the Darus ransomware:

Darus Virus - crypted .darus files

Example of crypted .darus files

How to remove Darus infection?

In addition to encrypting a victim’s files, the Darus virus has also started to install the Azorult spyware on the PC to steal account credentials, cryptocurrency wallets, desktop files, and more.
Reasons why I would recommend GridinSoft2

There is an excellent way to deal with recognizing and removing threats: using Gridinsoft Anti-Malware. This program will scan your PC, then find and neutralize all suspicious processes3.

Download GridinSoft Anti-Malware.

You can download GridinSoft Anti-Malware by clicking the button below:

Run the setup file.

When the setup file has finished downloading, double-click the install-antimalware-fix.exe file to install GridinSoft Anti-Malware on your computer.

Run Setup.exe

A User Account Control prompt will ask you whether to allow GridinSoft Anti-Malware to make changes to your device. Click “Yes” to continue with the installation.

GridinSoft Anti-Malware Setup

Press the “Install” button.

GridinSoft Anti-Malware Install

Once installed, Anti-Malware will automatically run.

GridinSoft Anti-Malware Splash-Screen

Wait for the Anti-Malware scan to complete.

GridinSoft Anti-Malware will automatically start scanning your computer for Darus infections and other malicious programs. This process can take 20-30 minutes, so I suggest you periodically check on the status of the scan.

GridinSoft Anti-Malware Scanning

Click on “Clean Now”.

When the scan has completed, you will see the list of infections that GridinSoft Anti-Malware has detected. To remove them, click the “Clean Now” button in the right corner.

GridinSoft Anti-Malware Scan Result

How to decrypt .darus files?

Encryption specialist Michael Gillespie (USA) managed to create a decoder for some versions and variants of this ransomware family (Tocue, Gusau, Madek, and others).

It works when the Darus infection used an offline key for encryption.

You can download the free decryption tool here: STOPDecrypter. This tool includes a BruteForcer only for variants that use XOR encryption, a simple symmetric cipher that is relatively easy to break. The decrypter requires victims to provide a pair of files, one encrypted and its original, larger than 150KB.
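To show why a known original/encrypted file pair lets a tool recover the key from a plain repeating-key XOR cipher, here is an added Python illustration. It is not STOPDecrypter's code and does not claim to reproduce the cipher Darus actually uses; the toy key, the sample files and the helper names are constructed for the demo. Because XOR is its own inverse, each keystream byte is simply the original byte XOR the encrypted byte, and once the keystream's period is found the recovered key decrypts any other file encrypted with it. The last case in demo() shows what happens when the known pair is shorter than the key's period, which is the reason such tools set a minimum size on the file pair.

```python
"""Known-plaintext recovery of a repeating-key XOR keystream.
Added illustration of the principle the article mentions for the
STOPDecrypter BruteForcer; it is not the tool's code, and the key,
files and names below are constructed toys, not Darus artefacts."""


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. Encryption and decryption are the same operation."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_keystream(original: bytes, encrypted: bytes) -> bytes:
    """Since C = P xor K, K = P xor C at every position where P is known."""
    n = min(len(original), len(encrypted))
    return bytes(p ^ c for p, c in zip(original[:n], encrypted[:n]))


def find_period(stream: bytes, max_period: int = 64):
    """Smallest period at which the keystream repeats, or None if the
    sample is too short to contain a full repetition."""
    for period in range(1, min(max_period, len(stream) // 2) + 1):
        if all(stream[i] == stream[i % period] for i in range(len(stream))):
            return period
    return None


def recover_key(original: bytes, encrypted: bytes, max_period: int = 64):
    """Return the repeating key, or None when the known pair is too short."""
    stream = recover_keystream(original, encrypted)
    period = find_period(stream, max_period)
    return stream[:period] if period else None


# Constructed demo data: a toy key the "victim" does not know, one file
# whose original is still available (say, a copy on another device) and a
# second file for which only the encrypted version remains.
TOY_KEY = b"not-the-real-darus-key"
PLAIN_A = b"\xff\xd8\xff\xe0JFIF sample photo bytes " * 12   # stands in for my-photo.jpg
PLAIN_B = b"Quarterly report: revenue up 4%, costs flat.\n" * 5   # stands in for report.docx


def demo():
    """Encrypt both files, recover the key from the known pair only, then
    restore the second file; also show the too-short-pair failure mode."""
    enc_a = xor_with_key(PLAIN_A, TOY_KEY)   # my-photo.jpg.darus
    enc_b = xor_with_key(PLAIN_B, TOY_KEY)   # report.docx.darus
    key = recover_key(PLAIN_A, enc_a)        # uses only the known pair
    recovered_b = xor_with_key(enc_b, key) if key else None
    too_short = recover_key(PLAIN_A[:10], enc_a[:10])  # 10 bytes < key length
    return key, recovered_b, too_short


if __name__ == "__main__":
    key, recovered_b, too_short = demo()
    print("recovered key:", key)
    print("second file restored:", recovered_b == PLAIN_B)
    print("key from a 10-byte pair:", too_short)
```

The weakness on display is the cipher, not the tool: any scheme where ciphertext is plaintext XOR a short repeating key leaks that key to anyone holding one matching pair, which is exactly why a proper per-victim key with a modern cipher (as the article says the fully researched Djvu variants use) cannot be undone this way.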

Download STOPDecrypter tool:

Download STOPDecrypter

Extract STOPDecrypter tool to your Desktop folder:

Unzip STOPDecrypter.zip file to Desktop

Run STOPDecrypter tool:

Run STOPDecrypter

Remember: STOPDecrypter should be run as an Administrator from the Desktop.

Select your folder and press “Decrypt” button:

STOPDecrypter select folder

What next?

If the guide doesn’t help you to remove the Darus infection, please download the GridinSoft Anti-Malware I recommended. You can also always ask me in the comments for help. Good luck!


References

  1. Twitter of Michael Gillespie: https://twitter.com/demonslay335
  2. GridinSoft Anti-Malware Review from HowToFix site: https://howtofix.guide/gridinsoft-anti-malware/
  3. More information about GridinSoft products: https://gridinsoft.com/comparison

About the author

Brendan Smith

I'm Brendan Smith, a passionate journalist, researcher, and web content developer. With a keen interest in computer technology and security, I specialize in delivering high-quality content that educates and empowers readers in navigating the digital landscape.

With a focus on computer technology and security, I am committed to sharing my knowledge and insights to help individuals and organizations protect themselves in the digital age. My expertise in cybersecurity principles, data privacy, and best practices allows me to provide practical tips and advice that readers can implement to enhance their online security.
