'.VforVendetta File Extension' Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 21
First Seen: December 9, 2016
Last Seen: May 30, 2021
OS(es) Affected: Windows

The '.VforVendetta File Extension' Ransomware is packed as a Trojan that you may come into contact with when you enable a macro in a document downloaded from a spam email. The '.VforVendetta File Extension' Ransomware is a version of the SamSam Ransomware, which we covered in an article in April 2016. The '.VforVendetta File Extension' Ransomware variant may have been inspired by the 2005 movie 'V for Vendetta', which introduced the Guy Fawkes mask worldwide; the mask later became the symbol of the hacktivist group Anonymous. As its name suggests, the '.VforVendetta File Extension' Ransomware is named after the marker appended to encrypted objects. For example, 'Lockheed Martin F-22 Raptor.pptx' is renamed to 'Lockheed Martin F-22 Raptor.pptx..VforVendetta'.

An Advanced RSA-2048 Encryption Algorithm is Used to Handle the Encryption Process

Security experts report that the '.VforVendetta File Extension' Ransomware uses a reliable RSA-2048 encryption algorithm to lock files, and that the private decryption key is stored on the servers of its operators. The original release of the SamSam Ransomware was aimed at networks that ran the Red Hat OS, which is based on Linux. However, SamSam also affected Windows-powered computers connected to machines running Red Hat. Reports on the '.VforVendetta File Extension' Ransomware suggest that the Trojan is aimed predominantly at Windows OS users. The '.VforVendetta File Extension' Ransomware can encode data on removable, local and shared drives, as long as they are not password protected and no access control policy is in place.

The '.VforVendetta File Extension' Ransomware functions similarly to the Dr. Fucker Ransomware, which is also a variant of SamSam. The ransom notes seen with the '.VforVendetta File Extension' Ransomware and the Dr. Fucker Ransomware are almost identical. The updated note in the '.VforVendetta File Extension' Ransomware is presented as '000-PLEASE-READ-WE-HELP.html', while earlier versions were shown as 'PLEASE_READ_FOR_DECRYPT_FILES_[ID number].txt'. The message left by the '.VforVendetta File Extension' Ransomware on infected computers may look like this:

'#What happened to your files?
All your files encrypted with RSA-2048 encryption, For more information search in Google 'RSA Encryption.'
#How to recover files?
RSA is an asymmetric cryptographic algorithm;
You need one key for encryption and one key for decryption.
So you need Private key to recover your files.
It's not possible to recover your files without private key
#How to get private key?
You can get your private key in 3 easy step:
Step1: You must send us 1.7 BitCoin for each affected PC OR 29 BitCoins to receive ALL Private Keys for ALL affected PCs.
Step2: After you send us 1.7 BitCoin, Leave a comment on our Site with this detail: Just write Your 'Host name' in your comment.'
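
The file-name indicators described above (the '.VforVendetta' marker and the two ransom note names) are enough to map which directories on a host or share were hit and need restoring from backup. The following Python script is an added example, not part of the original article; the sample tree it builds and the note ID '12345' are constructed for illustration.

```python
import os
import re
import tempfile
from collections import defaultdict

MARKER_SUFFIX = ".vforvendetta"  # marker from the page, compared case-insensitively
NOTE_RE = re.compile(
    r"000-PLEASE-READ-WE-HELP\.html|PLEASE_READ_FOR_DECRYPT_FILES_.+\.txt", re.I)

def original_name(name):
    """Return the pre-encryption file name, or None if the marker is absent."""
    if not name.lower().endswith(MARKER_SUFFIX):
        return None
    # The page's example has a doubled dot ('.pptx..VforVendetta'); strip it.
    return name[: -len(MARKER_SUFFIX)].rstrip(".") or None

def scan(root):
    """Group marked files and ransom notes under root by directory."""
    report = defaultdict(lambda: {"encrypted": [], "notes": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if original_name(name):
                report[dirpath]["encrypted"].append(name)
            elif NOTE_RE.fullmatch(name):
                report[dirpath]["notes"].append(name)
    return dict(report)

def summarize(report):
    """Totals used to scope the restore: affected directories, files, notes."""
    totals = {k: sum(len(v[k]) for v in report.values()) for k in ("encrypted", "notes")}
    return {"directories": len(report), **totals}

def build_sample_tree(root):
    """Constructed sample data: empty files named as the page describes."""
    layout = {
        "docs": ["Lockheed Martin F-22 Raptor.pptx..VforVendetta",
                 "000-PLEASE-READ-WE-HELP.html", "notes.txt"],
        "share": ["budget.xlsx.VforVendetta", "PLEASE_READ_FOR_DECRYPT_FILES_12345.txt"],
        "clean": ["readme.md"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(scan(tmp)))
```

Point `scan()` at a mounted share or drive root to get the per-directory lists; `original_name()` gives the file name to look for in the backup set.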

Some Versions of the '.VforVendetta File Extension' Ransomware may Feature Differential Pricing for the Decryption Software

Depending on the volume of data that is encrypted, the '.VforVendetta File Extension' Ransomware Trojan could display a price that ranges from 1 Bitcoin to 30 Bitcoins. To put the prices in official currency, the '.VforVendetta File Extension' Ransomware may sell a decryptor for prices between 770 USD and 23,147 USD. Needless to say, server administrators and regular PC users need to consider installing a backup solution and a reliable anti-malware shield that would secure their data in case the '.VforVendetta File Extension' Ransomware Trojan compromises their system. Paying the ransom is not encouraged, and as long as you have backups, you should recover from a successful crypto threat attack comparatively fast.
