
Vipasana Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 117
First Seen: June 27, 2016
Last Seen: June 21, 2022
OS(es) Affected: Windows

A threat dubbed Vipasana Ransomware is carrying out vicious attacks. The Vipasana Ransomware was first observed around December 20th of 2015. It receives its name from the ransom note and email address associated with this attack. The Vipasana Ransomware displays a message that instructs computer users to write to the email address Vipasana4@aol.com to get their files back.

This name may be derived from a word meaning 'insight meditation'. The Vipasana Ransomware message in Russian reads as follows.

'твои файлы зашифрованы, если хочешь
все вернуть, отправь 1 зашифрованный файл на эту почту:
Vipasana4@aol.com
ВНИМАНИЕ!!! у вас есть 1 неделя что-бы написать мне на почту, по прошествии
этого срока расшифровка станет не возможна!!!!'

Translated into English, it reads as follows:

'Your files are encrypted, if you want them all returned,
send 1 encrypted file to this email:
Vipasana4@aol.com
ATTENTION!!! you have 1 week to send the email, after
this deadline decryption will not be possible !!!!'

Unlike other ransomware threats, which force computer users to pay right away, the Vipasana Ransomware claims that the victim must send an email before taking any other action. Most ransomware Trojans threaten computer users by pressuring them into paying within a set period, generally between 24 and 72 hours. Apart from this email address, the AOL email address 'johnmen.24@aol.com' has also been associated with this threat campaign.

The Vipasana Ransomware May Not Be the First Version of this Attack

Like most ransomware Trojans, the Vipasana Ransomware is designed to encrypt its victims' files, change their file extensions, and then demand that the victim pay a ransom in exchange for the decryption key. The Vipasana Ransomware renames the files it encrypts following the pattern outlined below:

'email-Vipasana4@aol.com.ver-CL 1.2.0.0.id-[ID]-[DATE-TIME].randomname-[RANDOM].[XYZ].CBF'

'XYZ' is a random file extension added to the file. The real file extension associated with the Vipasana Ransomware is 'CBF'. Judging from this naming pattern, it is possible that there are previous versions of the Vipasana Ransomware attack, and that this particular variant is version 1.2.0.0. The following are file extensions that the Vipasana Ransomware targets and encrypts:

.r3d, .rwl, .rx2, .p12, .sbs, .sldasm, .wps, .sldprt, .odc, .odb, .old, .nbd, .nx1, .nrw, .orf, .ppt, .mov, .mpeg, .csv, .mdb, .cer, .arj, .ods, .mkv, .avi, .odt, .pdf, .docx, .gzip, .m2v, .cpt, .raw, .cdr, .cdx, .1cd, .3gp, .7z, .rar, .db3, .zip, .xlsx, .xls, .rtf, .doc, .jpeg, .jpg, .psd, .zip, .ert, .bak, .xml, .cf, .mdf, .fil, .spr, .accdb, .abf, .a3d, .asm, .fbx, .fbw, .fbk, .fdb, .fbf, .max, .m3d, .dbf, .ldf, .keystore, .iv2i, .gbk, .gho, .sn1, .sna, .spf, .sr2, .srf, .srw, .tis, .tbl, .x3f, .ods, .pef, .pptm, .txt, .pst, .ptx, .pz3, .mp3, .odp, .qic, .wps.
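An added example, not part of the original page: it parses file names that follow the renaming pattern above into their fields, so a responder can count affected files and see which contact address and version string they carry. The sample names, including their ID and time placeholders, are constructed, and `parse_name` and `triage` are hypothetical helper names.

```python
import re
from collections import Counter

# Contact addresses named on this page (compared case-insensitively).
KNOWN_CONTACTS = {"vipasana4@aol.com", "johnmen.24@aol.com"}

# Pattern from the page:
#   email-<addr>.ver-<version>.id-[ID]-[DATE-TIME].randomname-[RANDOM].[XYZ].CBF
# The page does not give the inner format of [ID] or [DATE-TIME], so they are
# captured together as one field instead of guessing where to split them.
RENAMED = re.compile(
    r"^email-(?P<email>[^\s@]+@.+?)"
    r"\.ver-(?P<version>.+?)"
    r"\.id-(?P<id_and_time>.+?)"
    r"\.randomname-(?P<random>[^.]+)"
    r"\.(?P<ext>[^.]+)"
    r"\.CBF$",
    re.IGNORECASE,
)

def parse_name(filename):
    """Return the fields of a renamed file, or None if the name does not match."""
    m = RENAMED.match(filename)
    if m is None:
        return None
    fields = m.groupdict()
    fields["known_contact"] = fields["email"].lower() in KNOWN_CONTACTS
    return fields

def triage(filenames):
    """Return (parsed hits, count of hits per version string)."""
    hits = [f for f in map(parse_name, filenames) if f]
    return hits, Counter(h["version"] for h in hits)

# Constructed sample names (base names only, not real victim data).
SAMPLE = [
    "email-Vipasana4@aol.com.ver-CL 1.2.0.0.id-EXAMPLEID-EXAMPLETIME.randomname-ABCDEFGH.QRS.CBF",
    "email-someone@example.com.ver-CL 1.2.0.0.id-EXAMPLEID-EXAMPLETIME.randomname-IJKLMNOP.TUV.cbf",
    "backup.CBF",   # plain .CBF file that does not follow the pattern
    "notes.txt",
]

if __name__ == "__main__":
    hits, versions = triage(SAMPLE)
    for h in hits:
        print(h["email"], h["version"], h["ext"], h["known_contact"])
    print(dict(versions))
```

A version string other than the one on this page, or a contact address not in `KNOWN_CONTACTS`, is worth noting during triage because the page suggests other variants may exist.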

The Possible Way to Recover from the Vipasana Ransomware

Unfortunately, it seems that there is currently no way to recover the files that have been encrypted by the Vipasana Ransomware. PC security researchers advise computer users to restore their files from a backup to recover quickly, after using a reliable security application to delete the Vipasana Ransomware completely from the infected computer. In fact, keeping a reliable off-site backup of all files is the best method for dealing with these threats. If files are backed up regularly, then the con artists responsible for the Vipasana Ransomware attack have absolutely no leverage. In an ideal world where all computer users back up their files regularly, these types of threats would be nonexistent. Unfortunately, we do not live in such a world. Currently, most computer users do not back up their files to an off-site drive regularly, making them vulnerable to these kinds of attacks. However, the cost and effort associated with backing up files will never be more than a fraction of the cost incurred in dealing with the aftermath of these kinds of attacks.
