Ver Ransomware
The Ver Ransomware is a malware threat that encrypts files on infected computers and thus prevents victims from accessing their data. This encrypting malware appends the ".ver" extension to filenames, along with the individual victim's ID and the e-mail address quacksalver@onionmail.org e-mail address. After the encryption is complete, Ver shows a pop-up window to inform the user what is happening and creates a text file named "info.txt" containing the ransom note.
Researchers have identified common traits with an already known ransomware family, so Ver is considered part of the Dharma Ransomware family. Ver's ransom notes instruct victims to contact the attackers by sending a message to quacksalver@onionmail.org or quacksalver@msgsafe.io. The ransom note also warns affected users not to rename the locked files or try to decrypt them through some third-party software. The malware operators claim that doing so would permanently damage the files.
Unfortunately, the files locked by ransomware can rarely be decrypted for free. Paying the required ransom is not a reasonable option either, as it does not guarantee that the crooks would actually send a working decrypting tool. Therefore, the best protection against ransomware attacks is to keep backups of your most valuable data.
Ver Ransomware’s pop-up window contains the following text:
"YOUR FILES ARE ENCRYPTED
1024
Don't worry, you can return all your files!
If you want to restore them, write to the mail: quacksalver@onionmail.org YOUR ID -
If you have not answered by mail within 12 hours, write to us by another mail:quacksalver@msgsafe.io
ATTENTION!
We recommend you contact us directly to avoid overpaying agents
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam."
The text file states the following:
"All your data has been locked us
You want to return?
write e-mail quacksalver@onionmail.org or quacksalver@msgsafe.io"
