Vally Ransomware

By GoldSparrow in Ransomware

The Vally Ransomware is a cyber threat that belongs to the Scarab Ransomware family. It is a file cryptor Trojan that emerged on April 23rd, 2019, shortly after the Croc Ransomware (a.k.a. Scarab-Croc Ransomware). The Vally Ransomware is not a unique program in any sense of the word, as it is a simple copy of the Scarab Ransomware that has received a few small modifications. It is distributed via spam emails and corrupted advertisements on the Internet. The threat actors may use PDFs, MS Word files, and SCR files to lure PC users into installing the malware themselves. The threat locks users out of their data by applying a custom cipher to images, audio, video, text, presentations, databases, spreadsheets, PDFs and eBooks. The locked files are listed in the file explorer with the '.vally' extension appended. For example, 'Amaranthe - Maximize (Official Video).mp4' turns into 'Amaranthe - Maximize (Official Video).mp4.vally'. The ransom note is dropped on the desktop as 'HOW TO RECOVER ENCRYPTED FILES.TXT' and reads:

'Hello,
all your files have been encrypted.
Your personal ID:
[random characters]
If you want to recovery your files, you need the decryptor.
You should send us e-mail with your personal ID and 3 (three) files to receive the decryptor.
>>> Contacts:
vally@india.com
vally@firemail.cc
If your mail server doesn't send e-mail to our contacts, we recommended you to create
an e-mail on Protonmail.com (https://protonmail.com) or India.com (https://mail.india.com/account/login)
>>> Free decryption as guarantee!
Before paying you send us up to 3 files for free decryption.
The total size of files must be less than 10Mb (non archived), and files should not contain
valuable information (databases, backups, large excel sheets, etc.). We recommeded to send pictures,
text files, sheets, etc.
>>> ATTENTION!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

Some computer security vendors may refer to the Vally Ransomware as the Scarab-Vally Ransomware, considering how nearly identical the two programs are. The Vally Ransomware may use a new file extension and new email addresses, but underneath it is the same program as the Scarab-Walker Ransomware and many other clones. Negotiating with the threat actors via the 'vally@india.com' and 'vally@firemail.cc' email accounts is not advised. PC security experts recommend using a backup manager instead. You should be able to restore your files to normal with the help of a cloud service and a credible backup tool. Eliminate traces of the Vally Ransomware (a.k.a. Scarab-Vally Ransomware) using a respected security instrument.
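To scope an incident before restoring from backup, the indicators described above (the appended '.vally' extension, the ransom note file name, and the two contact addresses) can be swept for with a read-only script. The following is an added example, not code from this page or from any vendor; the `triage` function, its report layout and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

EXTENSION = ".vally"                                  # appended extension, from the page
NOTE_NAME = "HOW TO RECOVER ENCRYPTED FILES.TXT"      # ransom note name, from the page
CONTACTS = ("vally@india.com", "vally@firemail.cc")   # contact addresses, from the page


def triage(root):
    """Read-only walk of root that summarises Vally indicators for scoping."""
    report = {"encrypted": [], "notes": [], "dirs": {}, "first_mtime": None}
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower().endswith(EXTENSION) and len(name) > len(EXTENSION):
                # The original name is what precedes the appended extension.
                report["encrypted"].append((str(path), name[: -len(EXTENSION)]))
                report["dirs"][dirpath] = report["dirs"].get(dirpath, 0) + 1
                try:
                    mtime = path.stat().st_mtime
                except OSError:
                    continue  # unreadable metadata: keep the hit, skip the timestamp
                if report["first_mtime"] is None or mtime < report["first_mtime"]:
                    report["first_mtime"] = mtime
            elif name.upper() == NOTE_NAME:
                try:
                    text = path.read_text(errors="replace").lower()
                except OSError:
                    text = ""
                report["notes"].append((str(path), [c for c in CONTACTS if c in text]))
    return report


if __name__ == "__main__":
    # Constructed sample tree so the script runs offline; no real files are touched.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "photos").mkdir()
        (root / "photos" / "holiday.jpg.vally").write_bytes(b"\x00" * 16)
        (root / "budget.xlsx.vally").write_bytes(b"\x00" * 16)
        (root / "untouched.txt").write_text("still readable")
        (root / NOTE_NAME).write_text("Contacts:\nvally@india.com\nvally@firemail.cc\n")
        result = triage(root)
        print("encrypted files:", len(result["encrypted"]))
        for path, original in result["encrypted"]:
            print("  ", path, "->", original)
        print("ransom notes:", result["notes"])
        print("earliest encrypted-file mtime:", result["first_mtime"])
```

The earliest modification time among the affected files gives a rough lower bound for when encryption began, which helps pick a backup snapshot taken before that point.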