VisionCrypt Ransomware

By GoldSparrow in Ransomware

The VisionCrypt Ransomware is a ransomware Trojan that was observed by malware researchers in mid-May 2017. The VisionCrypt Ransomware runs as an executable file named 'VisionCryptor.exe' and may be delivered to computer users through the use of corrupted email attachments (although there are numerous ways in which the VisionCrypt Ransomware and similar threats can be delivered). After encrypting the victims' files, the VisionCrypt Ransomware delivers a ransom note in the form of a program window with the name 'VisionCrypt 2.0.' As with most ransomware Trojans, the purpose of the VisionCrypt Ransomware is to encrypt the victims' files and then demand the payment of a ransom to restore the affected files.

The Vision that is Better not Having

The VisionCrypt Ransomware uses a combination of RSA and AES encryption to make the victims' files inaccessible. The VisionCrypt Ransomware targets English-speaking victims, although its attacks can happen all over the world. During its attack, the VisionCrypt Ransomware will target specific file types, which may include the following:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

The files encrypted by the VisionCrypt Ransomware attack can be identified easily because of the file extension '.VisionCrypt' that will be added to the end of each of the affected files' names. The VisionCrypt Ransomware will communicate with its Command and Control server to report on data related to the infected computer and receive instructions from its controller. The VisionCrypt Ransomware also has various obfuscation measures designed to interfere with anti-virus software on the infected computer.

How Con Artists may Profit from Threats Like the VisionCrypt Ransomware

The VisionCrypt Ransomware will display a ransom note after encrypting the victim's files. This ransom note, contained in a program window titled 'VisionCrypt 2.0', contains the following message:

'**CLOSING OF THIS PROGRAM WILL REMOVE ALL CHANCE OF FILE RETRIEVAL**
---
What happened to my files?
---
Many of your pictures, documents, databases and all other important files are no longer accessible, as they have been encrypted using AES-128 government grade encryption.
---
Can I recover my files?
---
Of course you can! But be quick, time is running out. (Refer to countdown clock)
You have two days (48 Hours) to deliver the payment. After payment, refer to the button, and email us the Payment Hash, along with your victim ID.
The payment will then be confirmed, and decryption key will be sent to you.
You will then have all your files back!***'

This window contains a 48-hour countdown timer and a text field where the victim can enter the decryption key. The people responsible for the VisionCrypt Ransomware attack charge $25 USD, which is substantially less than most ransomware Trojans demand. However, PC security researchers have not received reports of any successful decryption after paying the VisionCrypt Ransomware ransom.

Dealing with the VisionCrypt Ransomware

The best protection against the VisionCrypt Ransomware and similar ransomware Trojans is to have backup copies of all files. Having file backups on an external memory device or the cloud allows computer users to recover quickly from ransomware attacks and removes any need to pay the ransom since the affected files can be recovered from the backup copies. Apart from using a backup system, PC security researchers also advise computer users to use a reliable anti-malware application that is fully up-to-date to detect the VisionCrypt Ransomware before it carries out its attack. This, combined with safe practices when browsing the Web and handling emails, can protect most computers from the VisionCrypt Ransomware.
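As an added example (not part of the original article), the following Python sketch inventories files carrying the '.VisionCrypt' extension described above and checks which of them have a clean copy in a backup, so recovery can be scoped before restoring. The function names and the assumption that the backup mirrors the affected directory layout are hypothetical, and the sample tree is constructed.

```python
import os
import tempfile
from pathlib import Path

# Extension the article says is appended to each encrypted file's name.
MARKER = ".VisionCrypt"


def restore_plan(affected_root, backup_root):
    """Split encrypted files into those a backup can replace and those it cannot.

    Assumption (not from the article): the backup mirrors the directory
    layout of the affected tree. Returns (restorable, missing) as sorted
    lists of original relative paths.
    """
    affected_root, backup_root = Path(affected_root), Path(backup_root)
    restorable, missing = [], []
    for dirpath, _dirs, files in os.walk(affected_root):
        for name in files:
            # Case-insensitive match, since Windows file names are.
            if not name.lower().endswith(MARKER.lower()):
                continue
            original = name[: -len(MARKER)]
            if not original:  # a file named only ".VisionCrypt"
                continue
            rel = (Path(dirpath) / original).relative_to(affected_root)
            bucket = restorable if (backup_root / rel).is_file() else missing
            bucket.append(rel.as_posix())
    return sorted(restorable), sorted(missing)


def demo():
    """Run the check on a constructed sample tree (not real incident data)."""
    with tempfile.TemporaryDirectory() as tmp:
        hit, bak = Path(tmp, "affected"), Path(tmp, "backup")
        for p in (hit / "docs" / "report.docx.VisionCrypt",
                  hit / "docs" / "notes.txt.visioncrypt",
                  hit / "photo.jpg.VisionCrypt",
                  hit / "untouched.ini",
                  bak / "docs" / "report.docx",
                  bak / "photo.jpg"):
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"sample")
        return restore_plan(hit, bak)


if __name__ == "__main__":
    ok, gone = demo()
    print("restorable from backup:", ok)
    print("no backup copy found:", gone)
```

Files reported as missing from the backup are the ones to preserve untouched on the affected disk while other recovery options are evaluated.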
