Threat Database Ransomware Vanguard Ransomware

Vanguard Ransomware

By GoldSparrow in Ransomware

The Vanguard Ransomware is a ransomware Trojan that is used to encrypt the victims' files to demand the payment of a ransom. The Vanguard Ransomware is capable of encrypting more than 400 different file types during its attack. After encrypting its victims' files, the Vanguard Ransomware demands payment by displaying a ransom note on the victim's computer. The Vanguard Ransomware is particularly unique in that the programming language used to create the Vanguard Ransomware is the Google's Go. If the Vanguard Ransomware has been installed on your computer, it will be necessary to recover your files from a backup copy.

There’s Nothing New on the Vanguard Ransomware Attack

There are numerous ways in which the Vanguard Ransomware can enter a computer. The most common way of distributing threats like the Vanguard Ransomware is through corrupted spam email attachments, which exploit known vulnerabilities on the victim's computers. Once the Vanguard Ransomware has been installed on the victim's computer, it will encrypt the victims' files, using a strong encryption algorithm. The Vanguard Ransomware encrypts the following file types during its attack:

.123, .1cd, .3dm, .3ds, .3fr, .3g2, .3gp, .3pr, .602, .7z, .7zip, .aac, .ab4, .ach, .acr, .act, .adb, .adp, .ads, .aes, .agdl, .ai, .aiff, .ait, .al, .aoi, .apj, .arc, .arw, .asc, .asf, .asm, .asp, .aspx, .asx, .avi, .awg, .back, .backup, .backupdb, .bak, .bank, .bat, .bay, .bdb, .bgt, .bik, .bin, .bkp, .bmp, .bpw, .brd, .bz2, .cdf, .cdr, .cdr3, .cdr4, .cdr5, .cdr6, .cdrw, .cdx, .ce1, .ce2, .cer, .cfg, .cgm, .cib, .cls, .cmd, .cmt, .com, .config, .contact, .cpi, .cpp, .cr2, .craw, .crt, .crw, .cs, .csh, .csl, .csr, .css, .csv, .dac, .dat, .db, .db3, .dbf, .dbx, .dc2, .dch, .dcr, .dcs, .ddd, .ddoc, .ddrw, .dds, .der, .des, .design, .dgc, .dif, .dip, .dit, .djv, .djvu, .dng, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .drf, .drw, .dtd, .dwg, .dxb, .dxf, .dxg, .edb, .eml, .encrypted, .eps, .erbsql, .erf, .exe, .exf, .fdb, .ffd, .fff, .fh, .fhd, .fla, .flac, .flf, .flv, .flvv, .fpx, .frm, .fxg, .gif, .gpg, .gray, .grey, .groups, .gry, .gz, .hbk, .hdd, .hpp, .htm, .html, .hwp, .ibd, .ibz, .idx, .iif, .iiq, .incpas, .indd, .inf, .jar, .java, .jnt, .jpe, .jpeg, .jpg, .js, .kc2, .kdbx, .kdc, .key, .kpdx, .kwm, .laccdb, .lay, .lay6, .ldf, .lit, .log, .lua, .m2ts, .m3u, .m4a, .m4p, .m4u, .m4v, .mapimail, .max, .mbx, .md, .mdb, .mdc, .mdf, .mef, .mfw, .mid, .mkv, .mlb, .mml, .mmw, .mny, .moneywell, .mos, .mov, .mp3, .mp4, .mpeg, .mpg, .mrw, .ms11, .msg, .myd, .myi, .nd, .ndd, .ndf, .nef, .nk2, .nop, .nrw, .ns2, .ns3, .ns4, .nsd, .nsf, .nsg, .nsh, .nwb, .nx2, .nxl, .nyf, .oab, .obj, .odb, .odc, .odf, .odg, .odm, .odp, .ods, .odt, .ogg, .oil, .onenotec2, .orf, .ost, .otg, .oth, .otp, .ots, .ott, .p12, .p7b, .p7c, .pab, .paq, .pas, .pat, .pcd, .pct, .pdb, .pdd, .pdf, .pef, .pem, .pfx, .php, .pif, .pl, .plc, .plus_muhd, .png, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prf, .ps, .psafe3, .psd, .pspimage, .pst, .ptx, .pwm, .py, .qb, .qba, .qbb, .qbm, .qbr, .qbw, .qbx, .qby, .qcow, .qed, .r3d, .raf, .rar, .rat, .raw, .rb, .rdb, .rm, .rtf, .rvt, .rw2, .rwl, .rwz, .s3db, .safe, .sas7bdat, .sav, .save, .say, .sch, .sd0, .sda, .sdf, .sh, .sldm, .sldx, .slk, .sql, .sqlite, .sqlite3, .sqlitedb, .sr2, .srf, .srt, .srw, .st4, .st5, .st6, .st7, .st8, .stc, .std, .sti, .stm, .stw, .stx, .svg, .swf, .sxc, .sxd, .sxg, .sxi, .sxm, .sxw, .tar, .tbk, .tex, .tga, .tgz, .thm, .tif, .tiff, .tlg, .torrent, .txt, .uop, .uot, .vb, .vbox, .vbs, .vdi, .vhd, .vhdx, .vmdk, .vmsd, .vmx, .vmxf, .vob, .wab, .wad, .wallet, .wav, .wb2, .wk1, .wks, .wma, .wmv, .wpd, .wps, .x11, .x3f, .xis, .xla, .xlam, .xlc, .xlk, .xlm, .xlr, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .ycbcra, .yuv, .zip.

After encrypting the victim's files, the Vanguard Ransomware drops a message alerting the victim of the attack and demanding the payment of a ransom.

The Vanguard Ransomware and Its Threatening Ransom Note

The Vanguard Ransomware drops a text file named 'DECRYPT_INSTRUCTIONS.txt' that demands the payment of a ransom. The full text of the Vanguard Ransomware ransom note reads as follows:

'NOT YOUR LANGUAGE? https://translate.google.com
Your personal files and documents have been encrypted with AES-256 and RSA-2048!
Decrypting your files is only possible with decrypt key stored on our server.
Price for key is %bitcoin% BTC (Bitcoin).
1. Send %bitcoin% BTC to %bitcoinaddress%
http://www.coindesk.com/information/how-can-i-buy-bitcoins/
https://www.bitcoin.com/buy-bitcoin
2. Wait some time for transaction to process
3. PRIVATE KEY WILL BE DOWNLOADED AND SYSTEM WILL AUTOMATICALLY DECRYPT YOUR FILES!
If you do not pay within %hoursvalid% hours key will become DESTROYED and your files LOST forever!
Removing this software will make recovering files IMPOSSIBLE! Disable your antivirus for safety.'

Dealing with the Vanguard Ransomware

PC security analysts strongly advise computer users to refrain from paying the Vanguard Ransomware ransom. Instead, it will be necessary to restore the affected files from a backup copy. A reliable security program and backups are the best way to limit the damage of a Vanguard Ransomware attack.

Trending

Most Viewed

Loading...