Venom Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 1
First Seen: January 28, 2019
Last Seen: March 6, 2020
OS(es) Affected: Windows

Cybersecurity researchers have uncovered a threat named Venom Ransomware. The threat, a variant belonging to the ZEPPELIN Ransomware family, exhibits potent encryption capabilities: it locks numerous popular file types and leaves them in an unusable state. Like most ransomware operators, those behind the Venom Ransomware are financially motivated and try to extort money from their victims in exchange for a decryption tool and the required decryption key.

While encrypting, the Venom Ransomware also modifies the names of the files it locks. More specifically, the threat appends '.venom' to the original file names, followed by a character string representing the ID assigned to the particular victim. A ransom note with instructions on how victims are expected to proceed following the attack is delivered to the breached devices as a text file named 'ALL YOUR FILES ARE ENCRYPTED..txt'. The file is created on the desktop of the device.
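The naming pattern and note file name described above can be used to scope an incident from a file listing. The following is an added example, not code from the original page or from any vendor tool: the separator between '.venom' and the ID, the ID alphabet, and the sample paths are assumptions made for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Ransom note file name exactly as this page gives it.
RANSOM_NOTE = "ALL YOUR FILES ARE ENCRYPTED..txt"

# Original name + '.venom' + victim ID. The separator and ID alphabet are
# ASSUMPTIONS of this example; the page only says an ID string follows '.venom'.
ENCRYPTED = re.compile(
    r"^(?P<orig>.+)\.venom[._-]?(?P<vid>[0-9A-Za-z-]+)$", re.IGNORECASE
)

def triage(paths):
    """Split a file listing into encrypted files (grouped by victim ID,
    each with its pre-encryption name) and ransom note locations."""
    encrypted, notes = defaultdict(list), []
    for raw in paths:
        p = PureWindowsPath(raw.strip())
        if p.name.lower() == RANSOM_NOTE.lower():
            notes.append(str(p))
            continue
        m = ENCRYPTED.match(p.name)
        if m:
            encrypted[m.group("vid").upper()].append((str(p), m.group("orig")))
    return dict(encrypted), notes

def summarize(paths):
    """Scoping summary for incident response: IDs seen, folders hit, notes."""
    encrypted, notes = triage(paths)
    folders = {str(PureWindowsPath(f).parent)
               for files in encrypted.values() for f, _ in files}
    return {
        "victim_ids": sorted(encrypted),
        "encrypted_files": sum(len(v) for v in encrypted.values()),
        "affected_folders": sorted(folders),
        "note_on_desktop": any(
            PureWindowsPath(n).parent.name.lower() == "desktop" for n in notes),
    }

# Constructed sample listing (not real data); the ID value is made up.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\budget.xlsx.venom.1A2-B3C-4D5",
    r"C:\Users\alice\Pictures\trip.jpg.venom.1A2-B3C-4D5",
    r"C:\Users\alice\Desktop\ALL YOUR FILES ARE ENCRYPTED..txt",
    r"C:\Users\alice\Documents\venom_research.pdf",
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LISTING))
```

The pattern is deliberately loose, so tighten the ID part once a real sample of the appended string is available.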

Ransom Note's Overview

Although the ransom note doesn't reveal the exact sum demanded by the hackers, it states that only payments made in the Bitcoin cryptocurrency will be accepted. The note also mentions that victims are allowed to send one encrypted file to be unlocked for free. However, the chosen file must not contain any valuable data or databases, and it must not be an XLS/XML document. Contact with the attackers is only possible via the 'venom@privatemail.com' email address found in the note. The message from the cybercriminals concludes with various warnings, such as not renaming the encrypted files, because doing so could damage the data inside them.

The full text of the note left by Venom Ransomware is:

'ALL YOUR FILES ARE ENCRYPTED

***All your data has been compromised. Documents, photos, databases and other important files are encrypted.

***You cannot decipher them yourself! The only method for recovering files is by purchasing a unique private key. Only we can provide you with this key and only we can restore your files.

***The decryption key fee is charged only in bitcoins, we CAN assist in buying bitcoins by giving instructions on how and where to buy.

***In case of non-payment, all data will be put up for auction on the darknet. Beware of data leaks.

***To make sure we have a decryptor and it works, you can send an email to venom@privatemail.com and decrypt one not important file for free, DO NOT send files containing databases, any XLS / XML documents for the test.

***Beware of dishonest middlemen. as well as buying a decryption key through intermediaries increases the final cost of the key.

***Do you really want to restore your files?
Write to email: venom@privatemail.com
Your personal ID:

Attention!

  • Do not rename encrypted files.
  • Do not try to decrypt your data using third party software, it may cause permanent data loss.
  • Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'