vCrypt1 Ransomware

vCrypt1 Ransomware Description

Type: Ransomware

The vCrypt1 Ransomware appears to be a stand-alone ransomware threat rather than a member of an established family of threats. It has some obfuscation features that allow it to avoid detection and removal by anti-virus programs. It also detects whether it is running in a virtual environment or under a debugger, as a way to prevent PC security researchers from analyzing it. The vCrypt1 Ransomware carries out a typical ransomware attack, encrypting the victim's files and then demanding the payment of a ransom. The encrypted files are easy to recognize because the file extension '.vCrypt1' is added to the end of each affected file's name.

How the vCrypt1 Ransomware Carries out Its Attack

The vCrypt1 Ransomware may be delivered to victims' computers through corrupted spam email attachments. These attachments may take the form of text documents that use macros to download and execute the vCrypt1 Ransomware on the victim's computer. This vulnerability may be abused by numerous threats and has been observed in the Windows operating system for most of its lifetime. Therefore, it is a good idea to ensure that macro settings are configured to prevent abuse. Most importantly, learn to handle emails safely and avoid opening corrupted file attachments.
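One way to screen for the macro-bearing attachments described above before they reach a mailbox. This Python code is an added example, not part of the original article; the policy names returned by gate() and the sample files are constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy .doc/.xls files


def classify_attachment(data):
    """Classify raw attachment bytes by whether they can carry VBA macros."""
    if data.startswith(OLE2_MAGIC):
        return "legacy-ole"  # binary Office format: macros cannot be ruled out here
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as package:
            names = [n.lower() for n in package.namelist()]
    except zipfile.BadZipFile:
        return "other"
    if "[content_types].xml" not in names:
        return "other"  # a zip archive, but not an Office Open XML package
    if any(n.endswith("vbaproject.bin") for n in names):
        return "macro"  # VBA project present, whatever the file extension says
    return "ooxml-no-macro"


def gate(data):
    """Hypothetical mail-gateway policy: block macros, hold legacy files for review."""
    return {"macro": "block", "legacy-ole": "quarantine"}.get(
        classify_attachment(data), "deliver")


def make_sample(with_macro):
    """Constructed Office Open XML package for the demo (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as package:
        package.writestr("[Content_Types].xml", "<Types/>")
        package.writestr("word/document.xml", "<document/>")
        if with_macro:
            package.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {"invoice.docx (constructed, macro inside)": make_sample(True),
               "notes.docx (constructed)": make_sample(False),
               "old.doc (constructed header only)": OLE2_MAGIC + bytes(504),
               "readme.txt": b"plain text"}
    for label, blob in samples.items():
        print(f"{label}: {classify_attachment(blob)} -> {gate(blob)}")
```

The check looks at the file's contents, so a macro-enabled document renamed to '.docx' is still caught.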

Once the vCrypt1 Ransomware has entered the victim's computer, it will search for all local drives and connected external memory devices, as well as directories shared on the network. The vCrypt1 Ransomware will use a strong encryption algorithm, XOR, to encrypt the victim's files. The vCrypt1 Ransomware will target user-generated files, which may include video, audio, text, spreadsheets and numerous others. After encrypting the victim's files, the vCrypt1 Ransomware will deliver its ransom note in the form of a text file dropped on the infected computer's desktop. This ransom note is named 'КАК_РАСШИФРОВАТЬ_ФАЙЛЫ.txt' and contains the following message:

'Если Вы читаете это сообщение, значит Ваш компьютер был атакован опаснейшим вирусом-шифровальщиком vCrypt1!
Вся ваша информация (документы, базы данных, бэкапы и другие файлы) на этом компьютере была зашифрована с помощью криптоалгоритма RSA2048. Восстановить файлы можно только зная уникальный для вашего ПК пароль и имея соответствующий дешифратор.
Подобрать ключ невозможно. Смена операционной системы ничего не изменит. Ни один системный администратор не решит эту проблему, не зная ключа.
Ни в коем случае не изменяйте файлы, иначе расшифровать их будет невозможно даже нам!
Ваши действия должны быть следующими:
1. Сделайте резервную копию всех ваших файлов.
2. Напишите нам письмо на адрес fns-service@pochta.com, чтобы узнать как получить ключ и дешифратор.
К письму можете приложить любой файл с известным Вам содержимым, мы вышлем в ответ расшированную копию.
Это докажет, что мы действительно обладаем возможностью расшифровать Ваши файлы.
Среднее время ответа нашего специалиста 3-24 часов.
Письма с угрозами будут угрожать только Вам и Вашим файлам!
НЕ ЗАБУДЬТЕ! Только МЫ можем расшифровать Ваши файлы!'

Translated into English:

'If you are reading this message, then your computer was attacked by the most dangerous virus-encryptor vCrypt1!
All of your information (documents, databases, backups and other files) on this computer was encrypted using the RSA2048 cryptographic algorithm. You can recover files only knowing a unique password for your PC and having the appropriate decoder.
You cannot find the key. Changing the operating system will not change anything. No system administrator will solve this problem without knowing the key.
Do not change the files at all, otherwise it will be impossible to decipher them even for us!
Your actions should be as follows:
1. Make a backup of all your files.
2. Write us a letter to fns-service@pochta.com to find out how to get the key and decoder.
To the letter you can attach any file with the content known to you, we will send a decrypted copy in response.
This will prove that we really have the ability to decrypt your files.
The average response time of our specialist is 3-24 hours.
Threatening letters will threaten only you and your files!
DO NOT FORGET! Only we can decrypt your files!'
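The two file-system traces named in this article, the '.vCrypt1' extension and the ransom note 'КАК_РАСШИФРОВАТЬ_ФАЙЛЫ.txt', are enough to scope an incident on a drive or share and to check which files can be restored from backup. This Python code is an added example, not part of the original article; the directory layout and sample files are constructed, and it assumes the backup mirrors the original folder structure.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".vcrypt1"             # extension from the article, matched case-insensitively
NOTE_NAME = "КАК_РАСШИФРОВАТЬ_ФАЙЛЫ.txt"   # ransom note name from the article


def scan_tree(root):
    """Read-only walk of root; returns (encrypted, notes) as paths relative to root."""
    root = Path(root)
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(root)
            if name.lower().endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                encrypted.append(rel)
            elif name.casefold() == NOTE_NAME.casefold():
                notes.append(rel)
    return sorted(encrypted), sorted(notes)


def original_name(rel):
    """The extension is appended to the old name, so stripping it recovers that name."""
    return rel.with_name(rel.name[: -len(ENCRYPTED_SUFFIX)])


def restore_plan(root, backup_root):
    """Split encrypted files by backup coverage; first_encrypted is the earliest
    mtime among them, a rough estimate (assumption) of when encryption began."""
    encrypted, notes = scan_tree(root)
    plan = {"notes": notes, "restorable": [], "missing": []}
    for rel in encrypted:
        orig = original_name(rel)
        key = "restorable" if (Path(backup_root) / orig).is_file() else "missing"
        plan[key].append(orig)
    plan["first_encrypted"] = min((Path(root, r).stat().st_mtime for r in encrypted), default=None)
    return plan


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        root, backup = Path(tmp, "share"), Path(tmp, "backup")
        (root / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        (root / "docs" / "report.docx.vCrypt1").write_bytes(b"constructed")
        (root / "docs" / "budget.xlsx.vCrypt1").write_bytes(b"constructed")
        (root / NOTE_NAME).write_text("constructed", encoding="utf-8")
        (backup / "docs" / "report.docx").write_bytes(b"original")
        print(restore_plan(root, backup))
```

The scan only reads directory listings and metadata, so it can be run against a mounted image or a read-only share without touching the encrypted files.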

Dealing with the vCrypt1 Ransomware

Unfortunately, it may not currently be viable to recover files that have been encrypted in a vCrypt1 Ransomware attack. Because of this, take preventive measures that can keep these infections away from your machine. Malware researchers advise computer users to use a reliable security program and to keep backups of all files on an external memory device.
