VIVELAG Ransomware DescriptionType: Ransomware
Malware analysts have spotted a new ransomware threat, which appears to target French users mostly. The goal of this data-locking Trojan is to encrypt the files on the users' computers and then extort them for $250. Fortunately, the VIVELAG Ransomware is a rather low-quality threat that does not implement a complex and secure encryption algorithm. Security researchers have obtained a decryption key successfully, which will help the victims of the VIVELAG Ransomware to recover their encrypted data – '052250058205075025075207820.'
Propagation and Encryption
The creators of the VIVELAG Ransomware are likely to use a variety of tricks and techniques to propagate this file-encrypting Trojan. Authors of ransomware threats often use bogus social media accounts and pages, torrent trackers, fake software updates and downloads, malvertising, fake pirated copies of popular applications, phishing emails, etc. Once your computer gets infiltrated by the VIVELAG Ransomware, the threat will begin its encryption process. The VIVELAG Ransomware will likely go after documents, images, presentations, spreadsheets, audio files, videos, databases, archives, etc. The locked files will be marked with an additional extension. The extension appended by the VIVELAG Ransomware is '. VIVELAG.' This means that a file that was named 'mascarpone-dessert.mov' initially will be renamed to 'mascarpone-dessert.mov.VIVELAG' after the completion of the encryption process.
The Ransom Note
The VIVELAG Ransomware will drop a ransom note on the infected host. The VIVELAG Ransomware's ransom note appears in a new window on the user's system. The new window is titled '#LAG.' The ransom message is written in French entirely. The attackers demand to be paid $250 in Bitcoin, as using cryptocurrency will help them protect their identities. Right below the ransom message is a field where the user is meant to fill in the decryption key. As we already mentioned, thanks to cybersecurity experts, users who have fallen victim to the VIVELAG Ransomware simply have to fill in '052250058205075025075207820' in the field. This will result in all their data being decrypted successfully.
It is never advisable to pay cybercriminals, and, thankfully, if the VIVELAG Ransomware has affected your files, you do not need to contact the authors of the threat. To make sure you do not fall victim to a nastier ransomware threat, make sure you obtain a genuine anti-virus solution that will protect your data and your PC.
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.