
Delphimorix Ransomware

Posted: November 22, 2018

The Delphimorix Ransomware is a variant of the InducVirus Ransomware, a file-locker Trojan that blocks your PC's media and shows pop-ups demanding Bitcoin ransoms for the unlocker. Secure backups can protect your documents and other data from these attacks, although there may be a free decryption solution available to the public, as well. Most users should rely on appropriate anti-malware software for uninstalling the Delphimorix Ransomware or blocking its installation exploits.

A Trojan of Extraordinarily Expensive Tastes

The cyber-security industry is finding early samples of a side-grade for the InducVirus Ransomware, the file-locker Trojan that owes much of its code to the Scarab Ransomware RaaS family. While malware researchers confirm no additions to the cryptography portion of its payload, which is responsible for locking the files, the Delphimorix Ransomware does differ significantly from the InducVirus Ransomware in one respect. Rather than withholding the details of its ransom demands for later, the Delphimorix Ransomware specifies an upfront and exorbitant fee.

The Delphimorix Ransomware's installation routine includes writing temporarily to Adobe Flash Player files as part of a disguise, although it removes these files later, as part of its self-cleanup process. Its 32-bit Windows executable is just over a megabyte, which is more than the average file-locker Trojan, but still relatively compact. After infecting the Windows PC, the Delphimorix Ransomware starts scanning drives for media that it can encrypt or 'lock' with an RC6 algorithm. Like most of the file-locking Trojans that malware researchers see, the program also appends extensions (such as '.449043') to the names of the media that it blocks.
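The two observable traces the paragraph above describes, an appended extension such as '.449043' and file contents that have been encrypted, are what a responder would look for when triaging a drive. The script below is an added example written for this page, not code from the article or from any analysis of the Trojan itself; it walks a directory tree, flags files whose name ends in an appended all-digit extension, and uses Shannon entropy over the first 64 KiB to separate actually encrypted files from plaintext that merely carries the extension. The all-digit extension pattern, the 7.5 bits-per-byte threshold and the sample files are constructed assumptions, not confirmed indicators for every Delphimorix sample.

```python
import math
import os
import re
import tempfile
from pathlib import Path

# Assumed naming pattern: an all-digit extension appended after the original
# extension, in the style of the '.449043' reported for Delphimorix. The length
# bounds are a constructed assumption, not a verified property of the Trojan.
APPENDED_NUMERIC_EXT = re.compile(r"^.+\.[A-Za-z0-9]+\.(\d{4,8})$")

# Ciphertext and compressed data sit close to 8.0 bits per byte; office documents,
# text and source code sit well below. 7.5 is an assumed, tunable cut-off.
ENTROPY_THRESHOLD = 7.5
SAMPLE_BYTES = 64 * 1024


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of the given buffer (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def classify_file(path: Path) -> dict:
    """Describe one file: appended numeric extension (if any), entropy, and verdict."""
    match = APPENDED_NUMERIC_EXT.match(path.name)
    with path.open("rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    entropy = shannon_entropy(head)
    return {
        "path": str(path),
        "appended_ext": match.group(1) if match else None,
        "entropy": round(entropy, 3),
        # Both signals must agree: the extension alone catches renamed decoys,
        # entropy alone catches every ZIP and JPEG on the disk.
        "suspect": bool(match) and entropy >= ENTROPY_THRESHOLD,
    }


def triage_tree(root) -> list:
    """Return classification records for every file under root that carries
    an appended numeric extension, sorted by path for stable output."""
    results = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            try:
                record = classify_file(Path(dirpath) / name)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if record["appended_ext"]:
                results.append(record)
    return sorted(results, key=lambda r: r["path"])


def build_demo_tree(base) -> Path:
    """Create constructed sample files for a self-contained run (not real samples)."""
    base = Path(base)
    base.mkdir(parents=True, exist_ok=True)
    (base / "notes.txt").write_bytes(b"quarterly report draft\n" * 200)
    # Stand-in for an encrypted file: random bytes plus the appended extension.
    (base / "notes.txt.449043").write_bytes(os.urandom(4096))
    # Decoy: plaintext that was only renamed, so entropy stays near zero.
    (base / "readme.docx.449043").write_bytes(b"A" * 4096)
    return base


def demo() -> list:
    """Build the constructed tree in a temp dir, triage it, and return the records."""
    with tempfile.TemporaryDirectory() as tmp:
        return triage_tree(build_demo_tree(tmp))


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    records = triage_tree(target) if target else demo()
    for r in records:
        flag = "SUSPECT" if r["suspect"] else "ok"
        print(f"{flag:8} entropy={r['entropy']:.3f} {r['path']}")
```

Run it with a directory argument to sweep a mounted drive, or with no argument to see the constructed demo: the random-byte file is flagged, the renamed plaintext decoy is reported but not flagged, and the untouched notes.txt never appears. Reading only the first 64 KiB keeps the sweep cheap on large media libraries, which is exactly where a file-locker does most of its damage.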

While the Delphimorix Ransomware finishes its attack with the same style of pop-up warning and ransoming instructions for the decryptor that the InducVirus Ransomware offers, the text of this message is different. The Delphimorix Ransomware may be nothing more than a joke, since it asks for one hundred and one Bitcoins – or ten billion US dollars – as its ransom. As always, in the unlikely event of anyone paying, there are no legal or technical mechanisms that would prevent the threat actor from accepting the money without handing over the decryptor.

Putting Costly Delphi Software in Its Place

The contrast between extortionist expectations and the actual security of a file-locking Trojan's campaign is sometimes vast, and the Delphimorix Ransomware is an accurate example of why victims shouldn't pay these ransoms. Its simple, RC6-based encryption routine is easily decryptable by third parties, and users can contact a cyber-security specialist with experience against these threats to recover their files. In other cases, such as the latest members of the Crysis Ransomware family, having a backup on another device may be your only alternative.

None of the versions of the Delphimorix Ransomware that malware researchers have available show any clear signs of being ready for release against the public, and its threat actor may never launch a 'real' campaign. Should he or she do so, however, the infection strategies likely to be in play include corrupted websites running exploit kits, spam e-mails, and direct attacks against vulnerable networks. Monitoring your network's login credentials, installing security patches as they become available, and scanning downloads before opening them are all practical countermeasures. Additionally, one out of every three anti-malware products is already identifying and removing the Delphimorix Ransomware as a threat.

The price that the Delphimorix Ransomware asks for is wholly out of proportion to its encryption prowess, but file-locking features can always receive updates. Betting on its remaining easy to neuter is not a wise gamble for any Windows user.
