Voom Ransomware

Voom Ransomware Description

A variant from the nefarious STOP/Djvu family, the Voom ransomware threat aims to lock users out from accessing their own files. The threat would be stealthily delivered to the user's computer, where it would initiate an encryption process utilizing a strong cryptographic algorithm. As a result, nearly all of the files stored on the infected machine will be rendered completely unusable.

One of the more distinctive characteristics of an attack involving the Voom Ransomware is the change of the original names of all locked files. Indeed, the threat will append '.voom' as a new extension to all encrypted data. The goal of the threat actors is to extort money from their victims and a list of instructions will be dropped on the system as a text file named '_readme.txt.'

Ransom Note's Overview

In general, the ransom note delivered by the Voom Ransomware follows closely the pattern established by other STOP/Djvu variants. The hackers state that they want to receive a ransom of $980 if they are to provide any assistance in the restoration of the locked data. Apparently, the amount of the ransom can be reduced by 50% with the only mentioned requirement being that victims contact the attackers in the first 72 hours of the infection.

The cybercriminals also state that they are willing to decrypt a single locked file for free, as a demonstration of their ability to restore all affected data. Victims can find two email addresses and a Telegram account in the note and use them as potential communication channels. The main email address is 'restorealldata@firemail.cc,' the reserve one is 'gorentos@bitmessage.ch,' and the Telegram account is '@datarestore.' Keep in mind that contacting the hackers could expose victims to additional security risks.

The full text of the ransom note is:

'ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-WbgTMF1Jmw
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
restorealldata@firemail.cc

Reserve e-mail address to contact us:
gorentos@bitmessage.ch

Our Telegram account:
@datarestore

Your personal ID:'