G Data malware analyst Karsten Hahn stumbled upon a new ransomware family named DeriaLock, which locks your screen and requests a payment of $30.
DeriaLock is from the first category, of ransomware families that lock your screen and prevent users from accessing their files or applications but leaving the data intact.
The screen locker window also includes two buttons that when clicked, provide translations of the ransom note in German and Spanish. Only the German translation button works.
Additionally, if users press the ALT + F4 keyboard shortcut to close the screen locker, a popup appears that reads: “I think that is a bad decision. Nice try mate =)”
The good news is that DeriaLock requires the .NET Framework 4.5 to be installed, which means it won’t work on Windows XP machines.
UPDATE 1 [December 26, 2016]: Hahn spotted today versions of DeriaLock that encrypt users’ files and add the .deria file extension at the end.
UPDATE 2 [December 26, 2016]: Michael Gillespie told Bleeping Computer that he found a way to recover files encrypted by the recent DeriaLock version that appends the .deria extension at the end of files. Victims should reach out to him via his Bleeping Computer profile or Twitter account.
UPDATE 3 [December 27, 2016]: Hahn detected a new DeriaLock version that threatens to delete a users’ files if he doesn’t pay the ransom and restarts his computer. The DeriaLock decrypter created by Gillespie still works.