Threat Database Ransomware VegaLocker Ransomware

VegaLocker Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 2
First Seen: March 12, 2019
Last Seen: May 9, 2019
OS(es) Affected: Windows

The VegaLocker Ransomware is an encryption ransomware Trojan, first observed on February 11, 2019. Malware researchers have reasons to suspect that Russian criminals created the VegaLocker Ransomware. The VegaLocker Ransomware carries out a typical encryption ransomware attack, encrypting the victims' files and then requesting a ransom payment in exchange for the decryption software needed to restore the affected files.

What is the Objective of a VegaLocker Ransomware Attack

The VegaLocker Ransomware is distributed through corrupted spam email attachments most commonly, which often use embedded macro scripts to download and install the VegaLocker Ransomware onto the victim's computer. Once the VegaLocker Ransomware has been installed, the VegaLocker Ransomware targets the user-generated files, overwriting them with encrypted files and removing the Shadow Volume Copies of the affected files to disable this method of recovery. The VegaLocker Ransomware attack targets a wide variety of file types, which may include media files, databases, documents, and numerous other file types. The files that threats like the VegaLocker Ransomware target in these attacks include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The VegaLocker Ransomware's Ransom Demands

The VegaLocker Ransomware demands a ransom payment after encrypting the victim's files. To do this, the VegaLocker Ransomware delivers a ransom note in the form of text files named 'ABOUT YOUR FILES.TXT' and 'Your files are now encrypted.txt,' which it will drop on the infected computer. These files deliver a ransom message written in Russian, demanding a ransom payment from the victim in exchange for the decryption key. The VegaLocker Ransomware's ransom message translated to English reads:

Your documents, photos, databases, game saves and other important data was encrypted with a unique key that we have. To restore data, you need a decryptor.
You can restore files by writing us to email:
Send us your ID token and 1-2 files, the size should be no more than 1 MB.
We will restore them to prove there is decryption available.
After the demonstration, you will receive payment instructions, and after payment you will receive a decryptor program that will restore your files completely without issues.
IF you can't reach us via e-mail:
Go to the site: and download the e-mail client. Run the e-mail client and create an address.
Send us an e-mail to: BM-2cVK1UBcUGmSPDVMo8TN7eh7BJG9jUVrdG (including your address) and we will contact you.'

Contacting the criminals or paying the VegaLocker Ransomware ransom is a choice that should be avoided at any cost. Instead, computer users should restore any data lost in the VegaLocker Ransomware attack by replacing it from a backup copy.


Most Viewed