Vapor Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3
First Seen: November 20, 2018
Last Seen: July 23, 2019
OS(es) Affected: Windows

The Vapor Ransomware is an encryption ransomware Trojan that first appeared on November 17, 2018. The criminals distribute the Vapor Ransomware through corrupted spam email attachments. Once installed, the Vapor Ransomware uses a strong encryption algorithm to take over the victim's computer and make the victim's files inaccessible. The attack is designed to extract a ransom from the victim in exchange for restoring access to the compromised data.

How the Vapor Ransomware Attack Works

The Vapor Ransomware uses a strong encryption algorithm to make the victim's files inaccessible, targeting user-generated files, which may include a wide variety of file types. The Vapor Ransomware marks every file it encrypts by appending the file extension '.Vapor' to the end of the compromised file's name. The Vapor Ransomware targets the following file types in its infection process:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The Vapor Ransomware's Ransom Messages

The Vapor Ransomware delivers a ransom note in the form of a program window named 'Vapor Ransomware' after it has finished encrypting the victim's files. The Vapor Ransomware's ransom note contains the following message:

'Vapor Ransomware
You Have Been Caught.
You Cannot Run.
You Cannot Hide.
You Aren't Safe Here.
What Happened to Me?
All your private data, files. cookies. application and much more as been encrypted into a strong encryption!
The only way to get it hack is by sending a support email at this email:
deadhacksteem@gmail.com
Please make sure your Client ID is included so we can recognise you and send hack the key.
When its done. enter the key into the key box and enjoy your day I night.
You have 48 hours to send the email. if the timer runs out your files will be deleted.
If you restart the PC or kill the program. you will never be
able to get your files baek since they will be re-encrypted ii you re-launch the program.
Basically closing the program in anyway will result in loosing the key.
- Good Luck. Good Time.
DeaDHackS Team!
Total Files: [random number]
[I Give Up|BUTTON]
Key: [TEXT BOX] [CHECK KEY|BUTTON]
TIMER: [48 HOUR COUNTDOWN]
Big Thanks To:
Ghostly / DeadDHackS :Creating Encryption / Timer / Design!'

The Vapor Ransomware also delivers its ransom note in a text file named 'readme.txt,' which contains the following message:

'All your private data, files, cookies, application and much more as been encrypted into a strong encryption!
The only way to get it back is by sending a support email at this email:
deadhacksteam@gmail.com
Please make sure your Client ID is included so we can recognise you and send back the key.
Hhen its done, enter the key into the key box and enjoy your day I night.
You have 48 hours to send the email, if the timer runs out your files will be deleted.
If you restart the PC or kill the program, you will never be
able to get your files back since they will be re-encrypted if you re-launch the program.
Basically closing the program in anyway will result in loosing the key.
- Good Luck, Good Time.
- DeaDHackS Team!'

The recommendation from the specialists is that computer users refrain from contacting the criminals responsible for the Vapor Ransomware infection. Computer users should use backup copies to restore any files compromised by the Vapor Ransomware attack.
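
Before restoring from backup, it helps to know which files were affected. The Python sketch below is an added example, not part of the original article: it walks a directory tree and reports files carrying the '.Vapor' suffix and 'readme.txt' files that match phrases from the note quoted above. The function names, the two-phrase threshold, and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

MARKER_EXT = ".vapor"    # suffix appended to encrypted files, per the description above
NOTE_NAME = "readme.txt"
# Phrases from the readme.txt note quoted on this page (compared in lowercase).
NOTE_PHRASES = ("deadhacks team", "client id", "key box")

def is_ransom_note(path, min_hits=2):
    """True if the file contains at least min_hits phrases from the quoted note."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(8192).lower()
    except OSError:
        return False  # unreadable file: cannot be confirmed as a note
    return sum(p in text for p in NOTE_PHRASES) >= min_hits

def triage(root):
    """Walk root; list '.Vapor' files, matching notes, and counts per original type."""
    encrypted, notes, by_ext = [], [], {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            stem, ext = os.path.splitext(name)
            if ext.lower() == MARKER_EXT:
                encrypted.append(os.path.relpath(full, root))
                orig = os.path.splitext(stem)[1].lower() or "(none)"
                by_ext[orig] = by_ext.get(orig, 0) + 1
            elif name.lower() == NOTE_NAME and is_ransom_note(full):
                notes.append(os.path.relpath(full, root))
    return {"encrypted": encrypted, "notes": notes, "by_original_ext": by_ext}

def demo():
    """Run triage over a constructed sample tree (placeholder contents only)."""
    note = "Make sure your Client ID is included.\nenter the key into the key box\n- DeaDHackS Team!\n"
    samples = {
        "docs/report.docx.Vapor": "x",
        "pics/photo.jpg.vapor": "x",
        "docs/clean.txt": "untouched",
        "readme.txt": note,
        "project/readme.txt": "Build instructions for the project.",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return triage(root)
```

Calling triage() on a mounted copy of the affected volume, rather than the live system, gives a per-type count of what needs to come back from backup; the ordinary project readme.txt in the sample is not flagged because it contains none of the note's phrases.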