Vawe Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 17 |
| First Seen: | January 19, 2011 |
| Last Seen: | September 12, 2020 |
| OS(es) Affected: | Windows |
Ransomware threats are among the most prevalent threats that target users online at random. If a ransomware threat infiltrates your computer, it will encrypt all your files and then ask you to pay a large sum in exchange for a decryption tool. However, cybercriminals rarely keep their promises, and you are likely never to receive the decryptor you need, even paying the ransom fee demanded. One of the latest ransomware threats uncovered by security analysts is the Vawe Ransomware. This file-locked belongs to the STOP Ransomware family – the most popular family of 2019 and 2020.
Propagation and Encryption
Like most data-locking Trojans, the Vawe Ransomware is designed to target a very wide variety of filetypes, which are likely to exist on the system of most regular users. This means that if the Vawe Ransomware manages to compromise your PC, it is likely that all your images, audio files, videos, databases, archives, documents, presentations, spreadsheets, and other filetypes will be encrypted securely. To lock files, the Vawe Ransomware uses a strong encryption algorithm. Sadly, malware experts are yet to develop and release a decryption tool that is able to reverse the damage done by file-lockers, which belong to the STOP Ransomware family. Once the Vawe Ransomware locks a file, you will notice that it also changes its filename. This data-locker appends a '.vawe' extension to the names of all the affected files. This means that a file, which was originally named 'ruby-dice.mp4', will be renamed to 'ruby-dice.mp4.vawe.' The Vawe Ransomware is a threat that is likely propagated via torrent trackers, fraudulent social media accounts, fake application updates, spam emails, etc.
The Ransom Note
When the Vawe Ransomware is done locking the files present on the infiltrated system, it will drop its ransom note on the user's desktop. The file containing the ransom message of the conmen is named '_readme.txt.' In the note, it is stated that:
- The ransom fee is $490.
- Within three days, users who do not contact the attackers would have to pay double the price - $980.
- The email address provided is ‘helpmanager@mail.ch.'
- The attackers are willing to decrypt one file for free.
We would recommend you to avoid getting in touch with cybercriminals. Even if you pay the fee demanded, you may not receive the decryption key you need. It is advisable to immediately remove the Vawe Ransomware from your system via a trustworthy, up-to-date anti-malware application.
