What is Defray?
This Defray virus is another ransomware-type virus discovered by malware security researchers from Proofpoint. Once it has infiltrated your system, Defray encrypts stored data using AES-256, RSA-2048, and SHA-2 cryptography. Unlike other similar malware, Defray does not append extensions to encrypted files. Instead, following successful encryption, the virus creates two text files: “HELP.txt” (placed on the desktop) and “FILES.txt”, which is placed in all existing folders. Both files contain identical ransom-demand messages.
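Because Defray leaves file names untouched and drops an identical “FILES.txt” into every folder, replication of that note is the file-system indicator to sweep for. The following is an added example, not code from the original article or from Proofpoint; the function names, the three-folder threshold, the size cap and the sample tree are assumptions and constructed data.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

NOTE_NAME = "files.txt"   # per the article: the note dropped in every folder
MIN_DIRS = 3              # assumed threshold, tune for your environment
MAX_BYTES = 1 << 20       # assumed cap: ransom notes are small text files


def find_replicated_notes(root, note_name=NOTE_NAME, min_dirs=MIN_DIRS):
    """Return {sha256: [directories]} for note files whose identical
    content appears in at least min_dirs different directories."""
    by_digest = defaultdict(list)
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name.lower() != note_name:
                continue
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > MAX_BYTES:
                    continue  # too large to be a text note
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            by_digest[digest].append(dirpath)
    return {d: sorted(v) for d, v in by_digest.items() if len(v) >= min_dirs}


def build_sample_tree(root):
    """Constructed sample data: three folders share one note, a fourth
    holds an unrelated FILES.txt that must not be flagged."""
    note = b"constructed placeholder note text\n"
    for sub in ("docs", "docs/reports", "photos"):
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        with open(os.path.join(root, sub, "FILES.txt"), "wb") as fh:
            fh.write(note)
    os.makedirs(os.path.join(root, "project"), exist_ok=True)
    with open(os.path.join(root, "project", "FILES.txt"), "wb") as fh:
        fh.write(b"manifest: a.c b.c\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for digest, dirs in find_replicated_notes(tmp).items():
            print(f"{digest[:12]}  identical FILES.txt in {len(dirs)} folders")
```

Grouping by content hash rather than by file name alone keeps a legitimate, one-off FILES.txt from raising an alert.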
This malware is mostly spread through spam emails that contain a malicious attachment, such as an MS Office document with an embedded executable. While most ransomware-type viruses target private users, Defray mainly targets hospitals or even large manufacturing companies. The cyber criminals tailor the aforementioned messages to the targeted company or organization; for instance, a message may include the company logo or other specific details. In that way, the criminals attempt to make the document appear legitimate in order to trick victims into running the malware on their system.
The Defray ransomware creates two files containing an identical message that informs the victims of the encryption and demands a ransom equivalent to $5000 in Bitcoins. Defray implements AES, RSA, and SHA cryptography, so decryption requires several unique keys. These are stored on a remote server controlled by Defray’s developers, who encourage their victims to pay a ransom to receive them.
However, despite these threats and demands, do not trust these cyber criminals, because developers of ransomware-type viruses usually ignore victims once ransoms are paid. Paying does not guarantee any positive result: you might lose thousands of dollars and will only support the cyber criminals’ business. Therefore, never attempt to contact these people or pay any ransom they demand. Unluckily, there are so far no tools capable of restoring files encrypted by Defray; the only solution is to restore your files/system from a backup.
How did ransomware infect my computer?
As mentioned earlier, Defray is spread through spam emails. However, these viruses are also often distributed using third-party software download sources such as peer-to-peer networks, freeware download websites, and free file hosting websites, as well as fake software update tools and trojans. Unofficial software download sources usually proliferate malicious executables by disguising them as legitimate software. Moreover, fake software updaters exploit bugs/flaws in old software versions to infect the system.
How to protect yourself from ransomware infections?
To prevent ransomware infections on your computer, always be very cautious when browsing the Internet. Do not open files received from suspicious/unrecognizable/unknown email addresses or download software from unofficial sources. Also keep installed applications up to date; using a legitimate anti-virus/anti-spyware suite is also a smart move.
[Screenshot: the ransom-demand message presented within Defray ransomware text files (“HELP.txt” and “FILES.txt”)]
[Screenshot: an example of attachments within spam messages used to spread Defray ransomware]
How to remove the Defray malware?
All ransomware developers, without exception, will warn you not to use any third-party data recovery tools, but there are alternatives. Because of the sophistication of this malware, however, there is no Defray decrypter available yet.
Nonetheless, do not delay the Defray virus removal. Although the threat removes shadow volume copies, you might still restore the data from backup copies. The recommended tools can be found at the very bottom of the page.
Use an anti-malware program
We recommend using SpyRemover Pro, a highly effective and widely used malware removal program to clean your computer of Defray ransomware. In addition to Defray ransomware, this program can detect and remove the latest variants of other malware.
SpyRemover Pro has an intuitive user interface that is easy to use. To get rid of Defray ransomware, install the program, then scan your computer and remove the threat.
You can perform a full system scan through the recommended anti-malware tool SpyRemover Pro.
1. Turn your PC on. Once it’s on, you need to reboot.
2. The BIOS screen will then show up; if Windows pops up instead, reboot your computer and try one more time. Once the BIOS screen is on, repeatedly press F8 until the Advanced Option menu shows up.
3. Use the arrow keys to navigate the Advanced Option menu, choose Safe Mode with Networking, and click it.
4. Safe Mode with Networking will then be loaded.
5. Press and hold the R key and the Windows key together.
6. The Windows Run Box will appear if it is done correctly.
7. Type in explorer http://www.fixmypcfree.com/install/spyremoverpro
*There should be a single space in between explorer and http. Hit OK.
8. A dialog box from Internet Explorer will appear. Click Run to start downloading SpyRemover Pro. The installation will start automatically once the download is finished.
9. Launch SpyRemover Pro by clicking OK.
10. Hit the Run button to run SpyRemover Pro and then perform a full system scan.
11. Once all infections have been detected and identified, click REMOVE ALL.
12. Invest in the SpyRemover Pro program to further protect your computer from future threats.
Why is automatic removal more recommendable?
- You know only one virus name, “Defray ransomware”, but the truth is that you have been infected by a bunch of viruses. The SpyRemover Pro program detects this threat and all others.
- SpyRemover Pro is quite fast! You need only a few minutes to check your PC.
- SpyRemover Pro uses special features to remove hard-to-remove viruses. If you remove a virus manually, a self-protecting module can prevent its deletion, the process takes hours, and it may damage your PC. Even if you delete the virus, a stealthy module may recreate it.
- SpyRemover Pro is compatible with any antivirus.
- SpyRemover Pro is convenient to use.
Preventive Security Measures
- Enable and properly configure your Firewall.
- Install and maintain reliable anti-malware software.
- Secure your web browser.
- Check regularly for available software updates and apply them.
- Disable macros in Office documents.
- Use strong passwords.
- Don’t open attachments or click on links unless you’re certain they’re safe.
- Back up your data regularly.