Venis Ransomware Description
Type: Ransomware
Malware researchers found a crypto-threat named the Venis Ransomware while searching the Dark Web for encryption Trojans offered for sale. The first samples of the Venis Ransomware revealed that it was still in development and did not yet encrypt files. The Venis Ransomware propagates via spam email carrying a Trojan-Dropper and corrupted DOCX and PDF attachments. An initial threat assessment showed that the Venis Ransomware relies on a constant connection to its 'Command and Control' servers to operate. Researchers warn that the Venis Ransomware may receive updates soon that add data-grabbing functionality.
The Coders Behind the Venis Ransomware Claim to Collect Data Like Login Credentials and Personal Messages
The ransom note claims that the Venis Ransomware uses the 'AES-2048' cipher, which it describes as military-grade encryption technology (the 2048 figure is the note's own; the AES standard defines 128-, 192- and 256-bit keys). Contemporary computing resources are unable to crack AES encryption by brute force, which makes the technology very reliable. The Venis Ransomware is programmed to target the following file types:
.csv, .doc, .ppt, .xls, .avi, .bak, .bmp, .dbf, .djvu, .docx, .exe, .flv, .gif, .jpeg, .jpg, .max, .mdb, .mdf, .mkv, .mov, .mpeg, .mpg, .odt, .pdf, .png, .pps, .pptm, .pptx, .psd, .rar, .raw, .tar, .tif, .txt, .vob, .wav, .wma, .wmv, .xlsb, .xlsx, .zip.
The ransom note is delivered as a TXT file that is dropped on the desktop and reads:
'A11 your files has been encrypted with AES 2048. (Military Grade Encryption)
The key has been sent to our private server which we have access to.
There are no tools online that will allow you to decode your files for free.
The following info has been gathered about this PC.
Chrome Passwords/Firefox Passwords
Skype History (Deleted and non deleted)
You have 72 Hours To Comply. (Each delay will cause a price increase)
Drives are completely wiped after this time period is finished while the info is released for the public. (Nothing is spared)
Send us a message at: (Email)'
VenisRansom@Protonmail.com is the Communications Hub for the Venis Ransomware
Users infected with the Venis Ransomware are invited to write an email to VenisRansom@protonmail.com that includes their ID number. The operators behind VenisRansom@protonmail.com may direct users to register an account with the BitMessage IM client and open a private channel for payment instructions. Cyber extortionists behind threats like the YOUGOTHACKED Ransomware and the KillerLocker Ransomware favor IM clients that offer anonymity. As stated above, the Venis Ransomware does not yet include data-grabbing functionality, but it may receive updates that expand its features. Computer users should not panic if the Venis Ransomware succeeds in encrypting their data. The Venis Ransomware is unable to alter files on password-protected drives and network shares. Additionally, the Venis Ransomware is unlikely to delete backup images stored on local drives or on disconnected portable HDD and SSD devices. Services like Google Drive and Dropbox can be used to restore data after a trusted anti-malware solution has been used to eliminate the Venis Ransomware.
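Because the article gives no filename for the dropped note and no encrypted-file extension, a responder has to triage by content. The following Python script is an added example (not code from the article or from the malware) that walks a directory, flags small .txt files containing two or more of the distinctive phrases from the quoted ransom note, and counts files whose extensions appear in the targeted list above; the directory layout and file contents in demo() are constructed sample data.

```python
import os
import re
import tempfile
from pathlib import Path

# Extensions the article lists as targeted by the Venis Ransomware.
TARGETED_EXTENSIONS = frozenset("""
.csv .doc .ppt .xls .avi .bak .bmp .dbf .djvu .docx .exe .flv .gif .jpeg .jpg
.max .mdb .mdf .mkv .mov .mpeg .mpg .odt .pdf .png .pps .pptm .pptx .psd .rar
.raw .tar .tif .txt .vob .wav .wma .wmv .xlsb .xlsx .zip
""".split())

# Distinctive phrases from the ransom note quoted in the article. The note's
# filename is not given, so the content of small .txt files is matched instead.
NOTE_MARKERS = (
    re.compile(r"encrypted with AES\s*2048", re.I),
    re.compile(r"VenisRansom@protonmail\.com", re.I),
    re.compile(r"72 Hours To Comply", re.I),
)

def looks_like_venis_note(text: str, min_hits: int = 2) -> bool:
    """Require two markers so a lone mention of the email does not trigger."""
    return sum(1 for marker in NOTE_MARKERS if marker.search(text)) >= min_hits

def triage(root: str) -> dict:
    """Walk root, collect suspected notes and count files with targeted extensions."""
    notes, exposed = [], {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = Path(dirpath, name)
            ext = path.suffix.lower()          # .DOCX and .docx count the same
            if ext in TARGETED_EXTENSIONS:
                exposed[ext] = exposed.get(ext, 0) + 1
            if ext == ".txt" and path.stat().st_size < 64 * 1024:
                if looks_like_venis_note(path.read_text(errors="replace")):
                    notes.append(path.name)
    return {"notes": sorted(notes), "exposed": exposed}

def demo() -> dict:
    """Run triage over a constructed directory (sample data, not a real infection)."""
    with tempfile.TemporaryDirectory() as tmp:
        desk = Path(tmp, "Desktop")
        desk.mkdir()
        (desk / "README.txt").write_text(
            "All your files has been encrypted with AES 2048.\n"
            "You have 72 Hours To Comply.\nSend us a message at: VenisRansom@Protonmail.com\n")
        (desk / "notes.txt").write_text("meeting at 10, bring the xlsx\n")
        for f in ("a.docx", "b.DOCX", "c.jpg", "d.py"):
            (desk / f).write_bytes(b"constructed sample")
        return triage(tmp)
```

Run triage() against a user profile or a mounted disk image to list suspected note files and the count of at-risk file types before any cleanup is performed.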