
VIVELAG Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 2
First Seen: January 19, 2011
Last Seen: July 9, 2020
OS(es) Affected: Windows

Malware analysts have spotted a new ransomware threat that appears to target mostly French users. The goal of this data-locking Trojan is to encrypt the files on the users' computers and then extort them for $250. Fortunately, the VIVELAG Ransomware is a rather low-quality threat that does not implement a complex and secure encryption algorithm. Security researchers have successfully obtained a decryption key, '052250058205075025075207820', which will help the victims of the VIVELAG Ransomware recover their encrypted data.

Propagation and Encryption

The creators of the VIVELAG Ransomware are likely to use a variety of tricks and techniques to propagate this file-encrypting Trojan. Authors of ransomware threats often use bogus social media accounts and pages, torrent trackers, fake software updates and downloads, malvertising, fake pirated copies of popular applications, phishing emails, etc. Once the VIVELAG Ransomware infiltrates a computer, it begins its encryption process. The VIVELAG Ransomware will likely go after documents, images, presentations, spreadsheets, audio files, videos, databases, archives, etc. The locked files are marked with an additional extension, '.VIVELAG'. This means that a file initially named 'mascarpone-dessert.mov' will be renamed to 'mascarpone-dessert.mov.VIVELAG' after the encryption process completes.
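To scope an incident using the renaming behaviour described above, the following added example (not code from the original page or from any vendor tool) inventories files carrying the appended extension, recovers each original name, and flags cases where an untouched copy still sits beside the locked one. The function names and the sample tree are constructed for illustration; case-insensitive matching and reading modification times as a rough activity window are assumptions.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER = ".vivelag"  # appended extension from the page; case-insensitive match is an assumption

def inventory(root):
    """Walk root and return one record per file carrying the appended extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
                continue
            original = name[:-len(MARKER)]  # file name before the rename
            path = os.path.join(dirpath, name)
            hits.append({
                "path": path,
                "original": original,
                "type": os.path.splitext(original)[1].lower() or "(none)",
                "mtime": os.stat(path).st_mtime,
                # An untouched copy next to the locked file is worth preserving first.
                "original_present": os.path.exists(os.path.join(dirpath, original)),
            })
    return hits

def summarize(hits):
    """Counts per original file type plus the modification-time window of the hits."""
    if not hits:
        return {"count": 0, "by_type": {}, "window": None}
    times = [h["mtime"] for h in hits]
    iso = lambda t: datetime.fromtimestamp(t, timezone.utc).isoformat()
    return {
        "count": len(hits),
        "by_type": dict(Counter(h["type"] for h in hits)),
        "window": (iso(min(times)), iso(max(times))),  # rough activity window (assumption)
    }

def build_sample_tree():
    """Constructed sample data: a temp directory of empty placeholder files."""
    root = tempfile.mkdtemp(prefix="vivelag-demo-")
    os.makedirs(os.path.join(root, "docs"))
    for rel in ("mascarpone-dessert.mov.VIVELAG", "docs/report.docx.vivelag",
                "docs/report.docx", "notes.txt"):
        open(os.path.join(root, rel), "w").close()
    return root

if __name__ == "__main__":
    print(summarize(inventory(build_sample_tree())))
```

Point `inventory()` at a mounted image or a read-only share rather than the live system so that file timestamps are not disturbed during triage.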

The Ransom Note

The VIVELAG Ransomware will drop a ransom note on the infected host. The ransom note appears in a new window on the user's system, titled '#LAG'. The ransom message is written entirely in French. The attackers demand to be paid $250 in Bitcoin, as using cryptocurrency helps them protect their identities. Right below the ransom message is a field where the user is meant to fill in the decryption key. As already mentioned, thanks to cybersecurity experts, users who have fallen victim to the VIVELAG Ransomware simply have to fill in '052250058205075025075207820' in the field. This will result in all their data being decrypted successfully.

It is never advisable to pay cybercriminals, and, thankfully, if the VIVELAG Ransomware has affected your files, you do not need to contact the authors of the threat. To avoid falling victim to a nastier ransomware threat, make sure you obtain a genuine anti-virus solution that will protect your data and your PC.
