DeriaLock Ransomware Active on Christmas

DeriaLock is a piece of ransomware that locks the victim's computer; once the machine is locked it demands that the user pay $30 US to regain access.

Ransomware families generally fall in one of two categories: screen lockers (which prevent access to your computer but leave your files alone) and crypto lockers (which allow you to use your computer but encrypt all your files).

DeriaLock belongs to the first category: it locks the screen and prevents the user from reaching their files or applications, but leaves the data itself intact.

The instructions state that the victim can purchase a key to unlock the computer by contacting a Skype account named ‘Arizonacode’.
DeriaLock uses a hardware identifier taken from the victim's machine to decide whether the lock should be applied, which means infected machines exchange information with the criminals' infrastructure. Once launched, DeriaLock reads the computer's MachineName identifier and computes its MD5 hash. Because malware authors often infect themselves by accident, the DeriaLock source code includes a hard-coded MD5 hash, and the machine whose name matches it is left alone. After this local check, the ransomware contacts its command and control (C&C) server, retrieves the most current version of itself, and saves the file at:

C:\users\appdata\roaming\microsoft\windows\start menu\programs\startup\SystemLock.exe

DeriaLock will then run this file, which now passes all checks and starts the screen-locking behavior by showing a fullscreen window with the following ransom note:
[Screenshot: DeriaLock ransom note]
The screen locker window also includes two buttons that, when clicked, are meant to show the ransom note in German and Spanish; only the German translation button works.
The good news is that DeriaLock requires the .NET Framework 4.5 to be installed, so it will not run on Windows XP machines.
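The two behaviours described above, the MD5 whitelist check on MachineName and the drop of SystemLock.exe into the per-user Startup folder, are illustrated below in Python. This is an added example written for this article, not DeriaLock's own code: the whitelisted hash is computed from a constructed machine name (the real sample's value is not given here), the log lines are constructed in a Sysmon-like key=value style, and the detector simply flags any executable written into a user's Startup folder.

```python
"""
Added illustration (not DeriaLock's own code): the author-whitelist check
described in the article, plus a small detector for the Startup-folder drop.
The hard-coded hash and the log lines below are constructed for this example.
"""
import hashlib
import re


def md5_hex(text: str) -> str:
    """Hex MD5 of a string, as the article says DeriaLock does with MachineName."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


# Constructed stand-in for the hard-coded hash. In the real sample this is the
# MD5 of the author's own machine name, so the author's PC is never locked.
WHITELISTED_MACHINE_HASH = md5_hex("AUTHOR-PC")  # placeholder, not the real value


def would_lock(machine_name: str) -> bool:
    """Mirror of the local check: lock unless this machine's MD5 matches the whitelist."""
    return md5_hex(machine_name) != WHITELISTED_MACHINE_HASH


# Detection side: an .exe written into the per-user Startup folder is the
# observable artifact the article describes (SystemLock.exe). Matching is
# case-insensitive because Windows paths are.
STARTUP_EXE = re.compile(
    r"\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\[^\\]+\.exe$",
    re.IGNORECASE,
)


def find_startup_drops(log_lines):
    """Return (line number, path) for each file-create event landing an .exe in a Startup folder."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        # TargetFilename is the last field in these constructed events, so take the rest of the line.
        m = re.search(r"TargetFilename=(.+)$", line)
        if m and STARTUP_EXE.search(m.group(1).strip()):
            hits.append((n, m.group(1).strip()))
    return hits


# Constructed sample events (not real telemetry). Only the first one is the
# persistence drop the article describes; the others are benign writes.
SAMPLE_LOG = [
    "EventID=11 Image=C:\\Users\\alice\\Downloads\\invoice.exe "
    "TargetFilename=C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\SystemLock.exe",
    "EventID=11 Image=C:\\Windows\\System32\\svchost.exe "
    "TargetFilename=C:\\Users\\alice\\AppData\\Local\\Temp\\update.log",
    "EventID=11 Image=C:\\Program Files\\Editor\\editor.exe "
    "TargetFilename=C:\\Users\\alice\\Documents\\notes.txt",
]


if __name__ == "__main__":
    print("lock on VICTIM-PC?", would_lock("VICTIM-PC"))   # True
    print("lock on AUTHOR-PC?", would_lock("AUTHOR-PC"))   # False, matches the whitelist
    for n, path in find_startup_drops(SAMPLE_LOG):
        print(f"line {n}: executable written to Startup folder -> {path}")
```

The whitelist check is the reason a defender cannot rely on a hostname alone for triage: any machine whose name does not hash to the embedded value is locked. The Startup-folder rule is deliberately broad (any .exe, not just SystemLock.exe), since a rename by the author would otherwise evade a filename-only match; tune it against your own baseline of legitimate installers that write there.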
