VIVELAG Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 100 % (High) |
Infected Computers: | 2 |
First Seen: | January 19, 2011 |
Last Seen: | July 9, 2020 |
OS(es) Affected: | Windows |
Malware analysts have spotted a new ransomware threat, which appears to target French users mostly. The goal of this data-locking Trojan is to encrypt the files on the users' computers and then extort them for $250. Fortunately, the VIVELAG Ransomware is a rather low-quality threat that does not implement a complex and secure encryption algorithm. Security researchers have obtained a decryption key successfully, which will help the victims of the VIVELAG Ransomware to recover their encrypted data – '052250058205075025075207820.'
Propagation and Encryption
The creators of the VIVELAG Ransomware are likely to use a variety of tricks and techniques to propagate this file-encrypting Trojan. Authors of ransomware threats often use bogus social media accounts and pages, torrent trackers, fake software updates and downloads, malvertising, fake pirated copies of popular applications, phishing emails, etc. Once your computer gets infiltrated by the VIVELAG Ransomware, the threat will begin its encryption process. The VIVELAG Ransomware will likely go after documents, images, presentations, spreadsheets, audio files, videos, databases, archives, etc. The locked files will be marked with an additional extension. The extension appended by the VIVELAG Ransomware is '. VIVELAG.' This means that a file that was named 'mascarpone-dessert.mov' initially will be renamed to 'mascarpone-dessert.mov.VIVELAG' after the completion of the encryption process.
The Ransom Note
The VIVELAG Ransomware will drop a ransom note on the infected host. The VIVELAG Ransomware's ransom note appears in a new window on the user's system. The new window is titled '#LAG.' The ransom message is written in French entirely. The attackers demand to be paid $250 in Bitcoin, as using cryptocurrency will help them protect their identities. Right below the ransom message is a field where the user is meant to fill in the decryption key. As we already mentioned, thanks to cybersecurity experts, users who have fallen victim to the VIVELAG Ransomware simply have to fill in '052250058205075025075207820' in the field. This will result in all their data being decrypted successfully.
It is never advisable to pay cybercriminals, and, thankfully, if the VIVELAG Ransomware has affected your files, you do not need to contact the authors of the threat. To make sure you do not fall victim to a nastier ransomware threat, make sure you obtain a genuine anti-virus solution that will protect your data and your PC.