VevoLocker Ransomware

By GoldSparrow in Ransomware

The VevoLocker Ransomware is an encryption ransomware Trojan that was observed in attacks carried out on Web servers and on services that store data in the cloud for computer users. Unlike many low-tier ransomware Trojans used against individual computer users, the VevoLocker Ransomware is a top-tier threat that PC security researchers consider extremely threatening. It performs a sophisticated attack that is used to encrypt valuable data on high-value targets. The VevoLocker Ransomware has been delivered by exploiting vulnerabilities on the targets' computers, specifically two vulnerabilities present in the Drupal open-source content management platform: CVE-2018-7602 and CVE-2018-7600. PC security researchers have observed that, apart from exploiting these weaknesses, the con artists also took advantage of a more commonly used weakness: poorly protected Remote Desktop Protocol ports.

A General Explanation about a VevoLocker Ransomware Attack

The VevoLocker Ransomware was observed being used in attacks alongside the installation of cryptocurrency miners that take advantage of the victims' computers. Apparently, the people responsible for the VevoLocker Ransomware attack target victims that have not updated their Drupal software with the latest patches and security updates. Threats like the VevoLocker Ransomware and crypto-mining malware are installed on the targets through the vulnerabilities listed above. The VevoLocker Ransomware threat itself is not all that different from many other encryption ransomware Trojans, and the people responsible for the attack may have obtained it from ransomware platforms that are freely available on the Web. However, the campaign used to deliver this attack and the sophisticated distribution method indicate that the people behind the VevoLocker Ransomware have considerable resources.

How the VevoLocker Ransomware Carries out Its Attack

Several strains of the VevoLocker Ransomware have been observed, meaning that there are variants of this attack. The first variants of the VevoLocker Ransomware specifically targeted the files used on Web servers and cloud services, such as JS, PHP, CSS, HTM and HTML files. This strain of the VevoLocker Ransomware does not mark the files that were encrypted in any way and uses AES encryption to make the victim's files inaccessible. The VevoLocker Ransomware uses an open-source AES implementation and connects to a Command and Control server to receive instructions and relay data about the infected computers. The VevoLocker Ransomware attack uses strong encryption that is unbreakable with current technology. Once the VevoLocker Ransomware enciphers and corrupts the targeted files, they will no longer be recoverable. The VevoLocker Ransomware delivers its ransom note in the form of an HTML file that leads to a Web page that is very similar to the ransom notes used by WannaCry and its variants during its high-profile attacks in 2017.
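Because this strain leaves encrypted files unmarked, a search by file name or extension will not find them; the content has to be inspected. The following is an added example, not part of the original article: it scans a Web root for the file types named above and flags those whose bytes look random. It assumes that an encrypted file holds raw ciphertext, and the threshold and minimum size are assumed values.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

WEB_EXTENSIONS = {".js", ".php", ".css", ".htm", ".html"}  # types named in the article
ENTROPY_THRESHOLD = 7.0  # assumed cut-off in bits per byte; ordinary web text sits well below
MIN_SIZE = 1024          # assumed floor: entropy of very small files is not meaningful


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, from 0.0 to 8.0 bits per byte."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    """True when a text-type file is large enough to judge and its bytes look random."""
    return len(data) >= MIN_SIZE and shannon_entropy(data) > ENTROPY_THRESHOLD


def scan_web_root(root):
    """Return relative paths of web files under root whose content looks like ciphertext."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_EXTENSIONS:
            if looks_encrypted(path.read_bytes()):
                hits.append(str(path.relative_to(root)))
    return hits


def demo():
    """Build a constructed web root: one intact page, one simulated encrypted script."""
    with tempfile.TemporaryDirectory() as root:
        page = b"<html><body><p>Hello, visitor.</p></body></html>\n" * 40
        Path(root, "index.html").write_bytes(page)
        Path(root, "app.js").write_bytes(os.urandom(4096))    # random bytes stand in for ciphertext
        Path(root, "logo.png").write_bytes(os.urandom(4096))  # not a targeted type, so skipped
        return scan_web_root(root)


if __name__ == "__main__":
    print(demo())
```

A flagged file should be compared against a known-good backup or deployment hash before any conclusion is drawn, since a heuristic of this kind cannot say what produced the random-looking content.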

Dealing with the VevoLocker Ransomware

PC security researchers advise computer users against contacting the people responsible for the VevoLocker Ransomware or collaborating with them in any way. The VevoLocker Ransomware asks for a ransom of 0.01 Bitcoin, although this amount can change depending on the extent of the damage. The ransom demand should be ignored, and effective measures should be set up to restore the affected data. Fortunately, due to the targets of the VevoLocker Ransomware, it is common for server administrators to have file backups and backup images offline, meaning that the data lost to the VevoLocker Ransomware attack can be restored. To prevent VevoLocker Ransomware attacks, PC security researchers strongly advise Drupal users to patch their software and ensure that they have the latest security updates. Login credentials should be reissued to prevent any possible recurrence of the VevoLocker Ransomware attack or of other threats that could have been delivered using similar methods, such as cryptocurrency mining malware.
