Remove Defray Ransomware | Updated


I wrote this article to help you remove Defray Ransomware. This Defray Ransomware removal guide works for all Windows versions.

Defray is a classic member of the ransomware family. This sentence alone should make you realize just how dangerous this parasite is. According to researchers, Defray mostly targets hospitals and large manufacturing companies. However, this doesn’t mean it cannot infect individual users. The Internet has no boundaries and no one is safe. Defray operates like any other member of the ransomware family. It does, however, stand out with a couple of things, which we will talk about in a second.

As soon as the infection enters, all of the private data stored on your machine gets encrypted. Defray uses AES-256, RSA-2048, and SHA-2, which means that the decryption of your files will require several unique keys. All of your photos, music, videos, databases, etc. get locked and you no longer have access to them. However, unlike other ransomware pieces, which rename the encrypted files and append a malicious extension to them to solidify their hold, Defray doesn’t do that. It doesn’t change the names of the locked files and it doesn’t add any extension. You will know that your data is being held hostage when you try to open a file and fail. The other sign that your files are no longer under your control is the appearance of the “HELP.txt” and “FILES.txt” files. Defray drops the first one on your desktop and the second one in every folder containing encrypted data.
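Because the file names stay unchanged, the note files are the practical marker for scoping the damage. The following is an added example, not part of the original article: it walks a directory tree, reports folders that hold a ransom note, and flags files in them whose signature no longer matches their extension or whose content is near-random. The function names, the signature table and the entropy threshold are assumptions chosen for illustration, and the sample tree is constructed.

```python
import math
import os
import tempfile
from collections import Counter

NOTE_NAMES = {"files.txt", "help.txt"}  # note names from the article, lowercased
MAGIC = {".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG", ".pdf": b"%PDF",
         ".docx": b"PK\x03\x04", ".zip": b"PK\x03\x04"}  # known file signatures

def entropy(data):
    """Shannon entropy in bits per byte; random data approaches 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path, sample=65536, threshold=7.5):
    """Heuristic (assumption): wrong signature, or near-random content."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    ext = os.path.splitext(path)[1].lower()
    if ext in MAGIC:
        return not head.startswith(MAGIC[ext])
    return entropy(head) >= threshold

def triage(root):
    """Map each folder that holds a ransom note to its suspect files."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        if any(f.lower() in NOTE_NAMES for f in files):
            report[folder] = [f for f in sorted(files)
                              if f.lower() not in NOTE_NAMES
                              and looks_encrypted(os.path.join(folder, f))]
    return report

def build_sample(root):
    """Constructed sample tree: one folder with a note, one without."""
    hit, clean = os.path.join(root, "hit"), os.path.join(root, "clean")
    files = {(hit, "FILES.txt"): b"constructed note placeholder",
             (hit, "scan.pdf"): os.urandom(4096),    # signature destroyed
             (hit, "intact.pdf"): b"%PDF-1.4 constructed",
             (hit, "notes.txt"): b"plain text " * 200,
             (clean, "data.bin"): os.urandom(4096)}  # random, but no note
    for (folder, name), body in files.items():
        os.makedirs(folder, exist_ok=True)
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(build_sample(tmp)))
```

Run it read-only against a copy or a mounted image of the affected disk; very small files without a known signature cannot reach the entropy threshold and need manual review.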

These two files contain the same message: the so-called ransom note. According to it, the only way of getting your data back is by purchasing the special keys we mentioned above. You are being extorted. But wait. You haven’t heard the sum the crooks demand yet. You are asked to pay the whopping amount of $5000 in Bitcoins in order to regain access to your own files. This is a lot of money, no doubt. Yet, this is not the reason why you should NOT pay. Even if the hackers wanted $5, you still shouldn’t comply. Why? Because they guarantee you nothing. Usually, crooks tend to ignore their victims once the ransom is paid. They take your money and leave your files locked.

Another scenario is that they send you a non-working tool. But even if they give you the right one and you free your data, the ransomware itself remains on your machine, ready to strike again. The decryptor doesn’t remove the infection. It only removes the encryption. This means that your files can get re-encrypted hours after decrypting them. It is not worth it. Not to mention that if you pay, the cybercriminals will use your money for nothing but business expansion and more malware creation. Don’t become their sponsor and don’t let yourself end up double-crossed. Forget paying as an option. It is not one. Instead, use our removal guide below. The first thing you need to do is remove Defray from your system. Then, you can try to safely recover your files. Also, always keep backups of your most valuable data. Sometimes this is the only way to retrieve lost files.

How does Defray get distributed? The infection travels the Web with the help of spam email messages that contain a malicious attachment – an MS Office document with an embedded executable. Moreover, the messages are disguised to look legitimate. The crooks use company logos and names in order to make the email look authentic so the victim will click. Be very cautious when opening emails. Always check the sender before you decide to click. Don’t be fooled by seemingly legitimate appearances. Hackers are becoming more and more creative. They leave nothing to chance. On the contrary, they do their best to ensure their success. Don’t help them out by being careless. Rely on your vigilance. It is the only way to win the battle against cyber infections.

Defray Ransomware Removal

Method 1: Restore your encrypted files using ShadowExplorer
Usually, Defray Ransomware deletes all shadow copies stored on your computer. Luckily, the ransomware is not always able to delete them, so your first try should be restoring the original files from shadow copies.

  1. Download ShadowExplorer from this link:
  2. Install ShadowExplorer
  3. Open ShadowExplorer and select C: drive on the left panel
  4. Choose a date at least a month ago from the date field
  5. Navigate to the folder with encrypted files
  6. Right-click on the encrypted file
  7. Select “Export” and choose a destination for the original file

Method 2: Restore your encrypted files by using System Restore

  1. Go to Start –> All programs –> Accessories –> System tools –> System restore
  2. Click “Next”
  3. Choose a restore point, at least a month ago
  4. Click “Next”
  5. Choose Disk C: (should be selected by default)
  6. Click “Next”. Wait for a few minutes and the restore should be done.

Method 3: Restore your files using File Recovery Software
If none of the above methods works, you should try to recover the encrypted files by using file recovery software. Since Defray Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original using file recovery software. Here are a few free file recovery programs:

  1. Recuva
  2. Puran File Recovery
  3. Disk Drill
  4. Glary Undelete

Daniel Stoyanov
Daniel Stoyanov has a Master's degree in Computer Science from the Technical University of Sofia, Bulgaria. He is also a Microsoft Certified Professional. Daniel provides top cyber security news with in-depth coverage of malware, vulnerabilities, PC and Network security, online safety. If you have any questions feel free to ask him right now.

