'.VforVendetta File Extension' Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 80 % (High) |
Infected Computers: | 21 |
First Seen: | December 9, 2016 |
Last Seen: | May 30, 2021 |
OS(es) Affected: | Windows |
The '.VforVendetta File Extension' Ransomware is packed as a Trojan that you may come in contact when you enable a macro in documents downloaded from spam emails. The '.VforVendetta File Extension' Ransomware is a version of the SamSam Ransomware, which we covered in an article in April 2016. The variant '.VforVendetta File Extension' Ransomware may have been inspired from the movie 'V for Vendetta' from 2005, which introduced the Guy Fawkes mask worldwide and later became the symbol of the hacktivist group Anonymous. As its name suggests, the '.VforVendetta File Extension' Ransomware is named after the marker placed on encrypted objects. For example, 'Lockheed Martin F-22 Raptor.pptx' is transcoded to 'Lockheed Martin F-22 Raptor.pptx..VforVendetta'.
An Advanced RSA-2048 Encryption Algorithm is Used to Handle the Encryption Process
Security experts report that the '.VforVendetta File Extension' Ransomware is using a reliable RSA-2048 encryption algorithm to lock the files, and the private decryption key is stored on the servers of its operators. The original release of the SamSam Ransomware was aimed at networks that operated with the Redhat OS, which is based on Linux. However, SamSam affected Windows-powered computers connected to machines using Redhat. Reports on the '.VforVendetta File Extension' Ransomware suggest that the Trojan is aimed at the Windows OS users predominantly. The '.VforVendetta File Extension' Ransomware can encode data on removable, local and shared drives, as long as they are not password protected, and there isn't access control policy in place.
The '.VforVendetta File Extension' Ransomware functions similarly to the Dr. Fucker Ransomware that is a variant of SamSam as well. Both notes seen with the '.VforVendetta File Extension' Ransomware and the Dr. Fucker Ransomware are almost identical. The updated note in the '.VforVendetta File Extension' Ransomware is presented as '000-PLEASE-READ-WE-HELP.html' and earlier versions were shown as 'PLEASE_READ_FOR_DECRYPT_FILES_[ID number].txt.' The message left by the '.VforVendetta File Extension' on infected computers may look like this:
'#What happened to your files?
All your files encrypted with RSA-2048 encryption, For more information search in Google 'RSA Encryption.'
#How to recover files?
RSA is an asymmetric cryptographic algorithm;
You need one key for encryption and one key for decryption.
So you need Private key to recover your files.
It's not possible to recover your files without private key
#How to get private key?
You can get your private key in 3 easy step:
Step1: You must send us 1.7 BitCoin for each affected PC OR 29 BitCoins to receive ALL Private Keys for ALL affected PCs.
Step2: After you send us 1.7 BitCoin, Leave a comment on our Site with this detail: Just write Your 'Host name' in your comment.'
Some Versions of the '.VforVendetta File Extension' Ransomware may Feature a Differential Pricing for the Decryption Software
Depending on the volume of data that is encrypted, the '.VforVendetta File Extension' Ransomware Trojan could display a price that ranges from 1 Bitcoin to 30 Bitcoins. To put the prices in official currency, the '.VforVendetta File Extension' Ransomware may sell a decryptor for prices between 770 USD and 23,147 USD. Needless to say, server administrators and regular PC users need to consider installing a backup solution and a reliable anti-malware shield that would secure their data in case the '.VforVendetta File Extension' Ransomware Trojan compromises their system. Paying the ransom is not encouraged, and as long as you have backups, you should recover from a successful crypto threat attack comparatively fast.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.