
V3NOM Ransomware

The V3NOM Ransomware appears to be more aggressive than the average ransomware threat. Like other threats of this type, it aims to lock its victims' data with an uncrackable cryptographic algorithm, but it also claims to tamper with the MBR (Master Boot Record) of the breached device.

During the encryption process, the malware affects numerous file types and makes them completely inaccessible and unusable. Each locked file has '.V3NOM' appended to its original name. Afterward, the threat replaces the current desktop wallpaper with a new one containing a message from the attackers. As for its ransom note, instead of placing it inside a text file as most other malware of this type does, V3NOM uses an executable file named 'VenomD3crypt0r.exe.' The file is placed on the desktop of the infected system.
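A read-only triage sketch built on the artifacts described above, added here as an example and not taken from the original write-up or any vendor tool: it inventories files carrying the '.V3NOM' marker, recovers the name each file had before the marker was appended, and flags the ransom-note executable. The function name `triage` and the output layout are assumptions; the second note file name is the one quoted in the wallpaper message further down the page.

```python
import os
from collections import Counter
from pathlib import Path

# Indicators taken from this page; matching is case-insensitive.
LOCKED_SUFFIX = ".v3nom"
NOTE_NAMES = {"venomd3crypt0r.exe", "@v3nom-decryptor.exe"}


def triage(root):
    """Walk `root` and summarise V3NOM artifacts without modifying anything."""
    locked, notes, by_type = [], [], Counter()
    # onerror swallows unreadable directories so one ACL failure does not stop the scan
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower in NOTE_NAMES:
                notes.append(str(path))
            elif lower.endswith(LOCKED_SUFFIX) and len(name) > len(LOCKED_SUFFIX):
                # The marker is appended, so stripping it yields the original name
                original = name[: -len(LOCKED_SUFFIX)]
                locked.append((str(path), original))
                # Count by original file type to scope what needs restoring from backup
                by_type[Path(original).suffix.lower() or "<none>"] += 1
    return {"locked": sorted(locked), "notes": sorted(notes), "by_type": dict(by_type)}


if __name__ == "__main__":
    import json
    import sys
    print(json.dumps(triage(sys.argv[1] if len(sys.argv) > 1 else "."), indent=2))
```

Run it against a mounted image or a user profile directory; the per-type counts show which data sets were hit and the note paths show where the executable was dropped.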

Ransom Note's Details

The first message that V3NOM's victims will probably notice is the one set as the desktop background. It states that shutting down the computer will cause irreparable damage to all the encrypted files and the operating system, potentially making the entire system unbootable. The hackers then direct the affected user to start the executable file in order to get additional instructions.

When launched, the file displays a window with a different note, a crypto-wallet address, and two buttons - 'Check Payment' and 'Decrypt Files.' Victims are told that they need to buy around $95 to $100 in Bitcoin and transfer the sum to the provided wallet address. However, if the note can be believed, they have just 2 hours to make the payment before the computer is damaged beyond repair. The same will apparently also happen if they restart or shut down the device.

The message delivered via the background image is:

'Uh oh! Your PC has been compromised! 🙁

All of your important files and data has been encrypted.

Your MBR has also been overrid, so if you shut your PC off, ALL of your data will be lost. (Including the operating system)

To get your files back, read the instructions shown on the @V3nom-Decryptor.exe file on your desktop.

If you don't pay the ransom in a day, your computer will be irreversible, and when your computer is shut off, will be broken.

The instructions displayed by the executable file are:

Oops, your computer has been compromised!
What has happened to my PC?
All of your important files have been encrypted. If you try to restart\shutdown your PC, it will brick your computer.

Can I fix my PC?
Of course! All of your files can be safely decrypted, and your drive not be bricked. To fix your computer, you must send 100$ worth of bitcoin to the address below. If you don't pay us, your computer will be broken and all of your files will be unaccessible. You have 2 hours to send the bitcoin before your computer is unreversible.

How do I get bitcoin?
Payment is only bitcoin. To get bitcoin, download the 'BitPay' app and setup an account. Once you have done this, buy 95-100$ worth of bitcoin and send it to the address below, when you have done this, click 'check payment' and all of your files will be decrypted.

Do not remove this software, it is your only chance at fixing your computer. If your antivirus removes this software, check the windows defender quarantine and put the file back onto your desktop.'
