VegaLocker Ransomware
Threat Scorecard
Threat Level: 100% (High)
Infected Computers: 2
First Seen: March 12, 2019
Last Seen: May 9, 2019
OS(es) Affected: Windows
The VegaLocker Ransomware is an encryption ransomware Trojan, first observed on February 11, 2019. Malware researchers have reasons to suspect that Russian criminals created the VegaLocker Ransomware. The VegaLocker Ransomware carries out a typical encryption ransomware attack, encrypting the victims' files and then requesting a ransom payment in exchange for the decryption software needed to restore the affected files.
What is the Objective of a VegaLocker Ransomware Attack?
The VegaLocker Ransomware is most commonly distributed through malicious spam email attachments, which often use embedded macro scripts to download and install the ransomware onto the victim's computer. Once installed, the VegaLocker Ransomware targets user-generated files, overwriting them with encrypted copies and removing the Shadow Volume Copies of the affected files to disable this method of recovery. The attack targets a wide variety of file types, which may include media files, databases, documents, and numerous other file types. The files that threats like the VegaLocker Ransomware target in these attacks include:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
The VegaLocker Ransomware's Ransom Demands
The VegaLocker Ransomware demands a ransom payment after encrypting the victim's files. To do this, the VegaLocker Ransomware delivers a ransom note in the form of text files named 'ABOUT YOUR FILES.TXT' and 'Your files are now encrypted.txt,' which it will drop on the infected computer. These files deliver a ransom message written in Russian, demanding a ransom payment from the victim in exchange for the decryption key. The VegaLocker Ransomware's ransom message translated to English reads:
'ATTENTION, YOUR FILES ARE ENCRYPTED!
Your documents, photos, databases, game saves and other important data was encrypted with a unique key that we have. To restore data, you need a decryptor.
You can restore files by writing us to email:
e-mail: sprosinas@cock.li
e-mail: sprosinas2@protonmail.com
Send us your ID token and 1-2 files, the size should be no more than 1 MB.
We will restore them to prove there is decryption available.
After the demonstration, you will receive payment instructions, and after payment you will receive a decryptor program that will restore your files completely without issues.
IF you can't reach us via e-mail:
Go to the site: https://bitmessage.org/wiki/Main_Page and download the e-mail client. Run the e-mail client and create an address.
Send us an e-mail to: BM-2cVK1UBcUGmSPDVMo8TN7eh7BJG9jUVrdG (including your address) and we will contact you.'
Contacting the criminals or paying the VegaLocker Ransomware ransom is a choice that should be avoided at any cost. Instead, computer users should restore any data lost in the VegaLocker Ransomware attack by replacing it from a backup copy.
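The ransom note file names and contact addresses quoted above can serve as triage indicators when checking a disk or file share for affected directories. The following Python is an added example, not part of the original article or of any vendor tool; the function names, the 64 KB read cap, and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators as given in the article: note file names and contact addresses.
NOTE_NAMES = {"about your files.txt", "your files are now encrypted.txt"}
CONTACTS = ("sprosinas@cock.li", "sprosinas2@protonmail.com",
            "BM-2cVK1UBcUGmSPDVMo8TN7eh7BJG9jUVrdG")
MAX_READ = 64 * 1024  # assumption: a text note is far smaller than this
FILLER = "\u0412\u043d\u0438\u043c\u0430\u043d\u0438\u0435! "  # constructed Cyrillic filler

def contacts_in(data: bytes) -> list:
    """Contact addresses present in raw note bytes. The note's encoding is not
    stated in the article, so each ASCII address is searched as single-byte
    text (UTF-8, cp1251) and as UTF-16LE."""
    return [c for c in CONTACTS
            if c.encode("ascii") in data or c.encode("utf-16-le") in data]

def scan_tree(root) -> dict:
    """Map each note-named file under root to 'confirmed' (a contact address
    is inside) or 'name-only' (file name matches, content does not)."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in NOTE_NAMES:  # Windows names are case-insensitive
                continue
            path = Path(dirpath) / name
            try:
                with open(path, "rb") as fh:
                    data = fh.read(MAX_READ)
            except OSError:
                data = b""  # unreadable file: report on the name alone
            rel = path.relative_to(root).as_posix()
            findings[rel] = "confirmed" if contacts_in(data) else "name-only"
    return findings

def demo() -> dict:
    """Build a constructed directory tree (not real samples) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "photos").mkdir()
        (root / "docs" / "ABOUT YOUR FILES.TXT").write_bytes(
            b"\xff\xfe" + (FILLER + CONTACTS[0]).encode("utf-16-le"))
        (root / "photos" / "Your files are now encrypted.txt").write_bytes(
            (FILLER + CONTACTS[2]).encode("cp1251"))
        (root / "about your files.txt").write_text("team notes", encoding="utf-8")
        return scan_tree(root)
```

A 'name-only' result is a file that shares a note's name but carries none of the listed contact addresses, so it needs manual review rather than being treated as evidence of infection.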