Vesrato Ransomware

By GoldSparrow in Ransomware

An increasing number of shady individuals worldwide have taken up creating data-locking Trojans. This is a very lucrative market, as cyber crooks who spread ransomware threats are likely to generate a good amount of cash while avoiding any negative consequences for their criminal activity.

The Vesrato Ransomware is among the newest detected data-locking Trojans. Once malware experts uncovered this threat, they studied it and determined that this file-encrypting Trojan is a variant of the infamous STOP Ransomware. However, researchers have failed to determine the infection vectors that the Vesrato Ransomware's creators have used to spread this ransomware threat. It is widely believed that the most common propagation methods may be at play in the case of the Vesrato Ransomware: mass spam email campaigns, bogus software updates, and fake pirated variants of popular applications.

When the Vesrato Ransomware infects your system, it will scan it to locate all the files that it was programmed to target. Next, it will begin its encryption process. When the Vesrato Ransomware locks a file, it also changes its name by adding a '.vesrato' extension at the end of the filename. This means that a photo that you initially named 'Muse-Gone.jpeg' will be renamed to 'Muse-Gone.jpeg.vesrato'.

When this is done, the Vesrato Ransomware will drop a ransom note. The note is called '_readme.txt' and states:


‘Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Our Telegram account:
Mark Data Restore

Your personal ID:’

The ransom fee demanded by the attackers is $980. However, they claim that all users who get in touch with them in less than 72 hours after the attack takes place will receive a 50% discount and will have to pay $490. The attackers claim that they will unlock one file free of charge to prove to the victim that they have a working decryption key. The authors of the Vesrato Ransomware provide two email addresses as a means of contacting them – '' and ''. Telegram contact information is also provided: @datarestore.

It is never good to contact such shady individuals. They often trick users into paying them cash and end up not holding up their end of the deal. A safer response would be to download and install a legitimate anti-spyware tool and remove the Vesrato Ransomware from your computer safely.
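To scope the damage before cleanup, the following Python script (an added example, not part of the original article or of any vendor tool) walks a directory tree and reports the two indicators described above: files carrying the appended '.vesrato' extension, with their original names recovered, and the '_readme.txt' ransom note. The function names and the high/medium/low confidence labels are assumptions of this example.

```python
import os
import sys

EXT = ".vesrato"      # extension appended to locked files, per the article
NOTE = "_readme.txt"  # ransom note file name, per the article

def triage(root):
    """Return {directory: {"locked": [(current, original)], "note": bool, "confidence": str}}."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        locked, note = [], False
        for name in files:
            lower = name.lower()
            if lower.endswith(EXT) and len(name) > len(EXT):
                # The extension is appended, so stripping it yields the original name.
                locked.append((name, name[: -len(EXT)]))
            elif lower == NOTE:
                note = True
        if not locked and not note:
            continue
        # Assumed scoring: a lone _readme.txt is a common benign name, so it rates low.
        if locked and note:
            confidence = "high"
        elif locked:
            confidence = "medium"
        else:
            confidence = "low"
        report[dirpath] = {"locked": sorted(locked), "note": note, "confidence": confidence}
    return report

def affected_count(report):
    """Total number of files carrying the appended extension."""
    return sum(len(entry["locked"]) for entry in report.values())

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    result = triage(root)
    for directory in sorted(result):
        entry = result[directory]
        print(f"[{entry['confidence']}] {directory}: {len(entry['locked'])} locked, note={entry['note']}")
        for current, original in entry["locked"]:
            print(f"    {current} (was {original})")
    print(f"total locked files: {affected_count(result)}")
```

The per-directory list of original names can be compared against backups to decide what needs restoring.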


