Drakos ransomware is a cryptovirus that encrypts files with AES algorithm and imitates the relation to GandCrab ransomware

Drakos ransomware is a file-locking virus that demands 1,200$ worth of Bitcoin to return encrypted files. This information is revealed in the ransom note that gets placed on the screen when your encoded data receive .drakos file extension, and the encryption is done. The ransom message and other alerts get displayed in separate browser windows that show GrandCrab ransomware icon on the screen but the relation with this ransomware family is rather imitated, and there are no similarities besides the displayed icon. In messages, virus developers reveal more details about the attack and demands to pay the ransom in DASH or Bitcoin if the victim wants to get their files back. Cryptocurrency is the primary goal of ransomware-type virus developers.[1]
| Name | Drakos ransomware |
|---|---|
| Type | Cryptovirus |
| File extension | .drakos |
| Ransom amount | 1200$ |
| Encryption method | AES algorithm |
| Ransom message | Displayed in various browser and program windows |
| Imitates | GrandCrab ransomware |
| Distribution | Spam email attachments with infected files |
| Elimination | Use antivirus to remove Drakos ransomware and then clean virus damage using FortectIntego |
Drakos ransomware virus developers call their product “GandCrab as a service ransomware” but the relationship is non-existent, and you should never trust the word cybercriminals say. The clear association with another ransomware family is not proven
Once Drakos ransomware infiltrates the targeted system, it starts searching for data that can be encrypted. For this process, virus employs AES encryption algorithm and changes the original code of your photos, videos, documents or even archives. When your files get encoded, you can find .drakos appendix added at the end of each file.
This file-locking is the main process Drakos ransomware is designed to perform because encoded data is the reason developers demand victims to pay up. You cannot notice the process but when it is done your screen starts showing various messages from virus developers.
One of the messages delivered by Drakos ransomware reads the following:
Drakos ransomware
[Have you's got advice?] [*** Any For Attempts to the get back you files is with the THIRD, CAN-party tools the BE fatal for your encrypted files is ***] of The will most part of the the tried-party This is a list of cases of damage to the files.
Finally it will be impossible to decrypt your files. It will make it that you can’t make it a matter of course. The third-party software for restore files is encrypted with the “Drakos Ransomware” software. If you look for your files, please contact your antivirus support.
Additionally to these messages, the main ransom note is delivered to your screen and then Drakos ransomware states about your possibilities. To get your files back, you need to pay for Drakos decryptor that might not even exist, and the price is 1200$ in DASH or Bitcoin. However, paying shouldn't be an option because criminals tend to disappear after the payment.[2]
Drakos ransomware ransom note also delivers pictures with Mr. Krab from the popular cartoon, and all messages contain the name GandCrab to fake the association that is not proven what so ever. Although there is a suggestion of free decryption and other promises, you should ignore that and move on to virus removal.
Many researchers[3] understand that data recovery is the most important issue when it comes to ransomware attacks, but you should focus on Drakos ransomware removal first and then worry about your files. Remember that any data recovery on the infected system may lead to permanent data loss.
Remove Drakos ransomware by scanning the system with anti-malware program. After that, you need to make sure that your device is working correctly, so employ PC repair tool like FortectIntego and scan the system yet again. This way you can double-check and clean the machine entirely.

Malicious spam emails contain more than suspicious advertisements or redirects
While nowadays online is not the safest place, you should pay more attention while browsing on the internet. Especially when it comes to emails, private messages or social networks. When you are not expecting the email, and you still receive the notification from a company or service that include file attachments, you should be more cautious while opening those emails.
The email might have a few red flags that you should notice right away:
- grammar mistakes on the email itself;
- subject lines about order information, financial details;
- the sender is stated to be a legitimate company, institution or service;
- Word, Excel, ZIP or PDF file attachments;
- shortened hyperlinks in the email message directly.
Unfortunately, when you open the email and download the file attachment to your device directly, you receive the message about content enabling that triggers malicious macros and the automatic installation of the malware script that infiltrates the system with ransomware distributing malware or direct payload of the intruder.
Remove Drakos ransomware as soon as possible and recover your files when the system is cleared
Don't forget about the Drakos ransomware virus and the possible changes on your system that include alteration in the Windows Registry or even system folders and files. These changes make a virus more persistent, so we recommend entering the Safe Mode before scanning the device.
However, you need to employ professional tools for best Drakos ransomware removal results. FortectIntego, SpyHunterCombo Cleaner or MalwarebytesMalwarebytes can work this job because these programs can indicate possible threats, remove them and detect other issues with your machine.
When you remove Drakos ransomware, make sure to double-check and scan the system again. If you are not sure that the PC is malware-free, you risk getting your files permanently damaged.
Was this guide helpful?
Be the first to comment