
vCrypt1 Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3
First Seen: May 4, 2017
Last Seen: October 16, 2019
OS(es) Affected: Windows

The vCrypt1 Ransomware seems to be a stand-alone ransomware threat rather than a member of an established family of threats. The vCrypt1 Ransomware has some obfuscation features that allow it to avoid detection and removal by anti-virus programs. The vCrypt1 Ransomware will also detect whether it is running in a virtual environment or under a debugger as a way to prevent PC security researchers from analyzing it. The vCrypt1 Ransomware carries out a typical ransomware attack, encrypting the victim's files and then demanding the payment of a ransom. The files encrypted by the vCrypt1 Ransomware are easy to recognize because of the file extension '.vCrypt1,' which is added to the end of each affected file's name.

How the vCrypt1 Ransomware Carries out Its Attack

The vCrypt1 Ransomware may be delivered to the victims' computers through corrupted spam email attachments. These email attachments may take the form of text documents, which use macros to download and execute the vCrypt1 Ransomware on the victim's computer. This vulnerability may be abused by numerous threats and has been observed in the Windows operating system for most of its lifetime. Therefore, it is a good idea to ensure that the macro settings are set to prevent abuse. Most importantly, though, learn to handle emails safely to avoid opening corrupted file attachments.

Once the vCrypt1 Ransomware has entered the victim's computer, it will search for all local drives and connected external memory devices, as well as directories shared on the network. The vCrypt1 Ransomware will use a strong encryption algorithm, XOR, to encrypt the victim's files. The vCrypt1 Ransomware will target user-generated files, which may include video, audio, text, spreadsheets and numerous others. After encrypting the victim's files, the vCrypt1 Ransomware will deliver its ransom note in the form of a text file dropped on the infected computer's desktop. This ransom note is named 'КАК_РАСШИФРОВАТЬ_ФАЙЛЫ.txt' and contains the following message:

'Если Вы читаете это сообщение, значит Ваш компьютер был атакован опаснейшим вирусом-шифровальщиком vCrypt1!
Вся ваша информация (документы, базы данных, бэкапы и другие файлы) на этом компьютере была зашифрована с помощью криптоалгоритма RSA2048. Восстановить файлы можно только зная уникальный для вашего ПК пароль и имея соответствующий дешифратор.
Подобрать ключ невозможно. Смена операционной системы ничего не изменит. Ни один системный администратор не решит эту проблему, не зная ключа.
Ни в коем случае не изменяйте файлы, иначе расшифровать их будет невозможно даже нам!
Ваши действия должны быть следующими:
1. Сделайте резервную копию всех ваших файлов.
2. Напишите нам письмо на адрес fns-service@pochta.com, чтобы узнать как получить ключ и дешифратор.
К письму можете приложить любой файл с известным Вам содержимым, мы вышлем в ответ расшированную копию.
Это докажет, что мы действительно обладаем возможностью расшифровать Ваши файлы.
Среднее время ответа нашего специалиста 3-24 часов.
Письма с угрозами будут угрожать только Вам и Вашим файлам!
НЕ ЗАБУДЬТЕ! Только МЫ можем расшифровать Ваши файлы!'

Translated into English:

'If you are reading this message, then your computer has been attacked by the most dangerous encrypting virus, vCrypt1!
All of your information (documents, databases, backups and other files) on this computer has been encrypted using the RSA2048 cryptographic algorithm. You can recover the files only by knowing the password unique to your PC and having the appropriate decryptor.
It is impossible to guess the key. Changing the operating system will not change anything. No system administrator will solve this problem without knowing the key.
Do not modify the files under any circumstances, otherwise it will be impossible even for us to decrypt them!
Your actions should be as follows:
1. Make a backup of all your files.
2. Write us an email at fns-service@pochta.com to find out how to get the key and decryptor.
You can attach to the email any file whose content is known to you, and we will send a decrypted copy in response.
This will prove that we really have the ability to decrypt your files.
The average response time of our specialist is 3-24 hours.
Letters containing threats will threaten only you and your files!
DO NOT FORGET! Only WE can decrypt your files!'

Dealing with the vCrypt1 Ransomware

Unfortunately, it may not currently be viable to recover files that have been encrypted in a vCrypt1 Ransomware attack. Because of this, take preventive measures that can keep these infections away from your machine. Malware researchers advise computer users to use a reliable security program and to keep backups of all files on an external memory device.
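The two indicators described above, the '.vCrypt1' extension and the ransom note file name, can be used to scope which folders were affected before restoring from backup. The following Python script is an added example, not code from the original page; the function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile
import unicodedata
from collections import Counter

# Indicators taken from the description above, compared case-insensitively.
ENCRYPTED_SUFFIX = ".vcrypt1"
RANSOM_NOTE_NAME = "КАК_РАСШИФРОВАТЬ_ФАЙЛЫ.txt".lower()


def triage(root):
    """Walk root; return ransom notes, encrypted files and original extensions."""
    notes, encrypted, original_ext = [], [], Counter()
    # onerror: skip unreadable directories instead of aborting the walk
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            # NFC so a decomposed 'Й' (e.g. from a macOS copy) still matches
            folded = unicodedata.normalize("NFC", name).lower()
            if folded == RANSOM_NOTE_NAME:
                notes.append(path)
            elif folded.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(path)
                # 'report.docx.vCrypt1' -> '.docx'; '' when nothing precedes it
                stem = folded[: -len(ENCRYPTED_SUFFIX)]
                original_ext[os.path.splitext(stem)[1]] += 1
    return {"notes": sorted(notes), "encrypted": sorted(encrypted),
            "original_ext": original_ext}


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the names."""
    layout = ["Desktop/КАК_РАСШИФРОВАТЬ_ФАЙЛЫ.txt",
              "Documents/report.docx.vCrypt1",
              "Documents/budget.xlsx.VCRYPT1",
              "Documents/untouched.pdf",
              "Share/video.mp4.vCrypt1"]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(len(result["encrypted"]), "encrypted,", len(result["notes"]), "note(s)")
        print(dict(result["original_ext"]))
```

Point `triage()` at a mounted drive or network share to get the list of files to restore; the per-extension counts show which kinds of user data were hit.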
