Deos Ransomware – Remove and Restore .locked Files

This article aims to help you remove Deos ransomware from your computer and restore the .locked encrypted files.

May 2017 is the month of ransomware, it seems, and the latest strain reported to encrypt files has recently been discovered. The virus, named Deos or Locker, has been reported to demand a ransom of 0.1 BTC from victims to decrypt the encrypted files. The ransomware also drops a ransom note with complete instructions on how to pay the ransom. If your computer system has been infected by the Deos ransomware virus, we advise you to read this article thoroughly.

Threat Summary

Name: Deos
Type: Ransomware, Cryptovirus
Short Description: Deos ransomware encrypts the files on the infected computer and demands victims to pay in BitCoin to get the files back.
Symptoms: Files are encrypted with a .locked file extension. The ransom note looks like the picture above this table.
Distribution Method: Spam Emails, Email Attachments, Executable files

Deos Virus – Distribution Methods

To spread widely, the Deos ransomware infection uses several different methods instead of being limited to one way of infecting victims. The virus may be distributed via:

  • Spam e-mail campaigns that contain malicious e-mail attachments or web links leading to the infection.
  • Malicious files concealed as fake setups, key generators, Adobe Flash or Java Player updates, license activators or other types of files.
  • Other malware that may have already infected your computer, such as Worms, Trojans and others.
  • Potentially unwanted and suspiciously behaving programs, installed via bundling or other dubious methods.

Once the victim has opened the malicious files of the virus, the virus begins to download the payload of Deos onto the victim’s computer.

Deos Ransomware – Analysis

Once this ransomware infection is on your computer, its files may reside in multiple different locations on the system, including:

  • %AppData%
  • %Roaming%
  • %Local%
  • %LocalLow%
  • %Temp%

The primary malicious file of this ransomware has the name Locker.exe, and it aims to perform multiple different activities on the computer, including the encryption of the files.

One of the malicious activities Deos ransomware performs is creating registry entries in the Run and RunOnce sub-keys so that it runs on Windows start-up. The sub-keys in which the values may be located are the following:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
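
A triage sketch for the two autorun keys above, as an added example that is not part of the original article: it parses the text output of `reg query` for those keys and marks entries whose executable is named Locker.exe or starts from a user-writable folder. The sample output, user name and value names are constructed, and a "review" verdict is only a lead, since legitimate software also starts from AppData.

```python
import ntpath
import re

PAYLOAD_NAME = "locker.exe"                  # primary executable named in the article
USER_WRITABLE = ("\\appdata\\", "\\temp\\")  # drop locations the article lists

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
EXE_RE = re.compile(r'"?([^"]+?\.exe)', re.IGNORECASE)

# Constructed sample of `reg query` output; not taken from a real infection.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %ProgramFiles%\Windows Defender\MSASCuiL.exe
    Adobe Updater    REG_SZ    "C:\Users\alice\AppData\Roaming\Locker.exe" /s

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    fix    REG_SZ    C:\Users\alice\AppData\Local\Temp\setup_7f.exe
"""

def parse_reg_query(text):
    """Yield (key, value_name, data) for every value in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            yield key, m["name"], m["data"]

def triage_autoruns(text):
    """Return (verdict, key, value_name, data) for entries that need attention."""
    findings = []
    for key, name, data in parse_reg_query(text):
        m = EXE_RE.match(data.strip())
        path = (m.group(1) if m else data).lower()  # executable without arguments
        if ntpath.basename(path) == PAYLOAD_NAME:
            findings.append(("match", key, name, data))
        elif any(marker in path for marker in USER_WRITABLE):
            findings.append(("review", key, name, data))
    return findings

if __name__ == "__main__":
    for verdict, key, name, data in triage_autoruns(SAMPLE):
        print(f"[{verdict}] {key} :: {name} = {data}")
```

On a live system, feed it the saved output of `reg query` run against each of the two keys instead of the sample.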

After the registry entries have been modified on the infected machine, the Deos ransomware may also delete the shadow volume copies, thus eliminating any chance of backup on the compromised computer.

After this has been done, the ransomware virus may finally drop its ransom note, which has the following message to victims:

ALERT !
ALL YOUR FILES HAVE BEEN ENCRYPTED
THE KEY FOR DECRYPTION IS STORED ON OUR PRIVATE SERVER, TO GET IT YOU NEED TO
PAY A RANSOM IN BITCOIN OF 0.1 BTC TO THE FOLLOWING ADDRESS:
1XU9D0WA0IDWAI0DAWWDA09
AFTER PAYMENT, INSERT THE
TRANSACTION URL IN THE SPACE BELOW AND WAIT FOR DECRYPT.
THERE IS NO OTHER WAY TO DECRYPT YOUR FILES, EXCEPT PAYING.
YOUR KEY WILL BE DESTROYED AFTER THE TIMER REACHES 0.

Deos .locked – Encryption Process

The Deos ransomware hunts for very specific types of files to encrypt, primarily photos and important documents. However, the Deos virus is careful not to encrypt files in Windows directories, since doing so may damage the operating system and crash your PC. Deos ransomware looks for the following types of files to encrypt:

→ .asp, .aspx, .csv, .doc, .docx, .html, .jpg, .mdb, .odt, .php, .png, .ppt, .pptx, .psd, .sln, .sql, .txt, .xls, .xlsx, .xml

To encrypt the data on the computers it infects, Deos ransomware uses the AES encryption algorithm. The encryption makes several modifications to the core structure of the file itself. As a result, the .locked file extension is added to the file, which looks like the following:

Remove Deos Ransomware and Restore .locked Files

For the removal of this ransomware infection, experts advise backing up the files before actually proceeding. Then, it is recommended to follow the removal instructions underneath. They are created so that you can remove the virus either manually, by isolating it in Safe Mode, or automatically with the aid of an advanced anti-malware program. Using anti-malware is always preferable because all malicious files and objects created by Deos ransomware are fully removed, and the system is protected in the future too.

If you are looking for ways of restoring the files that have been encoded by this virus, there are several methods that you can try below in step “2. Restore files encrypted by Deos.” They do not have a 100 percent chance of success but may result in the successful recovery of some of your files.
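
Before trying any restore method it helps to know how many files were hit and of which types. The following inventory script is an added example, not part of the original article: it walks a folder, counts .locked files by their original extension against the target list given above, and separates out .locked files that do not fit that list. It assumes the marker is appended after the original extension (for example report.docx.locked), which the article does not show explicitly.

```python
import os
from collections import Counter

# File types the article lists as encryption targets.
TARGETED = {".asp", ".aspx", ".csv", ".doc", ".docx", ".html", ".jpg", ".mdb",
            ".odt", ".php", ".png", ".ppt", ".pptx", ".psd", ".sln", ".sql",
            ".txt", ".xls", ".xlsx", ".xml"}
MARKER = ".locked"

def inventory_locked(root):
    """Walk root and classify every *.locked file.

    Returns (by_type, unexpected): a Counter of original extensions that are
    on the article's target list, and the sorted paths of .locked files whose
    inner extension is not on it (possibly unrelated lock files).
    Assumption: the marker is appended to the original file name.
    """
    by_type, unexpected = Counter(), []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            original = name[:-len(MARKER)]           # e.g. report.docx
            ext = os.path.splitext(original)[1].lower()
            if ext in TARGETED:
                by_type[ext] += 1
            else:
                unexpected.append(os.path.join(folder, name))
    return by_type, sorted(unexpected)

if __name__ == "__main__":
    import sys
    counts, odd = inventory_locked(sys.argv[1] if len(sys.argv) > 1 else ".")
    for ext, n in counts.most_common():
        print(f"{ext:6} {n}")
    for path in odd:
        print("not on target list:", path)
```

Run it against a copy or a read-only mount of the affected profile so the inventory itself changes nothing on disk.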

To remove Deos follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Deos files and objects
2. Find files created by Deos on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by Deos

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
