
'.vendetta File Extension' Ransomware

By GoldSparrow in Ransomware

The '.vendetta File Extension' Ransomware is an encryption ransomware Trojan that seems to be a version of the RSAUtil Ransomware, a family of ransomware that has been active since May 2017. PC security researchers first observed the '.vendetta File Extension' Ransomware attack in the third week of December 2017. There is very little to differentiate the '.vendetta File Extension' Ransomware from the numerous encryption ransomware Trojans that are currently active. There are several variants of the '.vendetta File Extension' Ransomware, using more than twenty different email accounts in these attacks.

How the '.vendetta File Extension' Ransomware Attacks a Computer

The '.vendetta File Extension' Ransomware carries out a standard encryption ransomware attack, using a strong encryption method to compromise the victim's files and then demanding payment of a ransom in exchange for the decryption key necessary to restore the affected files. Attacks like the '.vendetta File Extension' Ransomware target numerous file types, which may include the following:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

As its name implies, the '.vendetta File Extension' Ransomware marks the files it encrypts by adding the file extension '.VENDETTA' to the end of each affected file's name, as well as an ID number unique to the victim. A couple of variants of the '.vendetta File Extension' Ransomware use different email addresses and differ slightly in the method of attack.

The '.vendetta File Extension' Ransomware's Ransom Demands

The variants of the '.vendetta File Extension' Ransomware and other ransomware Trojans related to RSAUtil deliver fairly similar ransom notes, typically contained in a text file named 'How_return_files.txt,' which is dropped onto the infected computer's desktop. The following is the text of the '.vendetta File Extension' Ransomware's ransom note (spelling and grammar mistakes are reproduced from the text of the original ransom note):

'WARNING!!!
Your ID 83624883
OUR FILES ARE DECRIPTED
Your documents, photos, database, save games and other important data was encrypted.
Data recovery the necessary interpreter. To get the interpreter, should send an email to [email #1], [email #2] or [email #3]
In a letter to include Your personal ID (see the beginning of this document).
In response to the letter You will receive the address of your Bitcoin wallet to which you want to perform the transfer.
When money transfer is confirmed, You will receive the decrypter file for Your computer.
After starting the programm-interpreter, all Your files will be restored.
Attention! Do not attempt to remove a program or run the anti-virus tools.'

Computer users shouldn't pay the '.vendetta File Extension' Ransomware ransom. There is no guarantee that the cybercrooks will respond with the decryption key, and they are just as likely to take the victim's money or demand more money. The following email addresses have been associated with the '.vendetta File Extension' Ransomware attack and with different variants of this threat:

alexjer554@gmx.com, alexjer554@india.com, batary5588@gmx.com, batary5588@india.com batary5588@protonmail.com, filegorilla1388@gmx.de, hepl1112@aol.com, panzergen552@gmx.de, filegorilla1388@india.com, filegorilla1388@protonmail.com, panzergen552@india.com, panzergen552@protonmail.com, robocript@protonmail.ch, robocript@gmx.us, robocript@india.com, some@mail.ru, ursa2277@bk.ru, ursa2277@india.com, ursa2277@yahoo.com

The best protection against the '.vendetta File Extension' Ransomware, as with most encryption ransomware Trojans, is to have file backups in the cloud or on an external memory device, which can then be used to restore the files that were compromised by the '.vendetta File Extension' Ransomware attack.
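
To scope what has to be restored from backup, a mounted volume can be swept for the two artifacts described above: files whose names end in '.VENDETTA' and the 'How_return_files.txt' note with its 'Your ID' line. The following is an added example, not code from the original article; the function names and the constructed sample tree are assumptions, and matching relies only on the trailing extension because the article does not give the exact layout of renamed files.

```python
import os
import re
import tempfile
from collections import Counter

NOTE_NAME = "how_return_files.txt"       # ransom note file name given in the article
MARKER_EXT = ".vendetta"                 # extension appended to encrypted files
ID_RE = re.compile(r"Your ID\s+(\d+)")   # matches the "Your ID 83624883" line of the note


def sweep(root):
    """Walk root; collect marked files, ransom notes, victim IDs and per-directory counts."""
    report = {"encrypted": [], "notes": [], "ids": set(), "by_dir": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()          # compare case-insensitively
            if lower.endswith(MARKER_EXT):
                report["encrypted"].append(path)
                report["by_dir"][dirpath] += 1
            elif lower == NOTE_NAME:
                report["notes"].append(path)
                try:
                    # Read only the head of the note; it is never executed or parsed further.
                    with open(path, "r", errors="replace") as fh:
                        report["ids"].update(ID_RE.findall(fh.read(4096)))
                except OSError:
                    continue              # unreadable note: keep the path, skip the ID
    return report


def demo():
    """Sweep a constructed sample tree (file names and contents are made up for the example)."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        desk = os.path.join(root, "Desktop")
        os.makedirs(docs)
        os.makedirs(desk)
        for name in ("budget.xlsx.VENDETTA", "photo.jpg.vendetta", "notes.txt"):
            open(os.path.join(docs, name), "wb").close()
        with open(os.path.join(desk, "How_return_files.txt"), "w") as fh:
            fh.write("WARNING!!!\nYour ID 83624883\n")
        r = sweep(root)
        return len(r["encrypted"]), len(r["notes"]), sorted(r["ids"]), r["by_dir"][docs]


if __name__ == "__main__":
    print(demo())
```

Run `sweep()` against a read-only mount or forensic image of the affected disk so the sweep itself does not alter timestamps on the evidence.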
