VAGGEN Ransomware

By GoldSparrow in Ransomware

Translate To:

The VAGGEN Ransomware is a dangerous crypto locker threat that so far has not been classified as belonging to any of the existing ransomware families. Once it manages to infiltrate the targeted computer system successfully, the VAGGEN Ransomware will proceed to encrypt the most popular file types with a strong encryption algorithm. All affected users will effectively be locked out of accessing their personal or business-related data. The original filenames of the scrambled files will be modified to include '.VAGGEN' as a new extension. The hackers behind the threat took no chances that their message may go unnoticed and delivered their instructions in three different ways. First, VAGGEN Ransomware will change the default desktop image with one provided by itself. A pop-up window with a brief message will be generated. And finally, a text file named 'AboutYourFiles.txt' will be dropped in every folder containing encrypted data as well as on the desktop.

The text found in the pop-up window and the desktop background image mainly threatens users that their data may be gone forever, and to avoid that, they should follow the instructions from the text file. There the hackers specify that the sum of $80 must be sent as Bitcoin to the provided cryptocurrency wallet address. After the transaction is completed, victims are supposed to send an email to the 'employer21@protonmail.com' address.

The text displayed in the pop-up window is:

'Alert

Read the About_Your_Files.txt file on your desktop for info on how to access your files again. Failure to respond will result in access to your important files revoked. Forever. Once you have paid and email us, make sure to mention Agent W in your email.'

The instructions from the background image are:

'Your files have been encrypted. Access to them is temporarily revoked until a payment is made.

This payment will be made in bitcoin and will be $80 worth of bitcoin. Read the AboutYourFiles.txt file located on your Desktop. It contains the wallet address to send the bitcoin to. It contains your contact, once you have made the payment, email your contact and they will give you a decryption tool and walk through the decryption process.

Failure to make payment = ACCESS REVOKED

FOREVER and further consequences.

Sincerely,

Agent W.'

The full text found in the 'AboutYourFiles.txt' file is:

'Your important files are encrypted, your acecss to them has been revoked until you pay me $80 in Bitcoin (BTC).

Once you have sent $80 worth of Bitcoin to the following wallet address:

1LthWWSd82dKddmHwqhBv8XHiYyU

Email me at employer21@protonmail.com & I will send you a tool to decrypt the files and a tutorial on how to use said tool.

If you don't know how to buy Bitcoin, read this:

https://www.bitcoin.com/get-started/how-do-i-easily-buy-and-sell-bitcoin

Sincerely,

Agent W'

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

VAGGEN Ransomware

Submit Comment

Trending

'YouPorn' Email Scam

Safe Search Eng

Findtheirreport.com

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen