Vortex Ransomware

Vortex Ransomware Description

Type: Ransomware

The Vortex Ransomware is designed to target computer users in Poland. It was first observed on March 9, 2017, and carries out a typical ransomware attack on infected computers. It has been linked to two executable files on infected computers, which may be named 'AESxWin.exe' or 'polish.exe.' The most common way of distributing the Vortex Ransomware is through corrupted email attachments delivered in spam email messages. The Vortex Ransomware is installed on victims' computers by tricking them into opening a corrupted text document whose macros execute corrupted code on the infected computer. These attachments may be paired with social engineering techniques to trick computer users into opening them. Opening the file reveals a blank page with a yellow message that reads 'Please, enable macro to load the document properly.' Enabling macros (if they are not already enabled) allows the Vortex Ransomware to be installed and carry out its attack.

This Vortex will Prevent You from Accessing Your Files

The Vortex Ransomware scans the victim's computer and determines which files will be encrypted. It uses AES-256 encryption to make the victim's files completely inaccessible, and it connects to a Web API to generate a random 40-character password for every infected computer. The Vortex Ransomware will encrypt the following file types on the infected computer:

.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, .DOC, .EPUB, .DOCX, .FB2, .FLV, .GIF, .GZ, .ISO, .IBOOKS, .JPEG, .JPG, .KEY, .MDB, .MD2, .MDF, .MHT, .MOBI, .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.

The files affected by the Vortex Ransomware encryption routine are marked by appending the extension '.aes' to their names. The Vortex Ransomware drops a file named 'ODZSZYFRUJ-DANE.txt,' which is Polish for 'DECRYPT-DATA.txt.' This file, located on the victim's Desktop, asks the victim to pay $199 USD in Bitcoin. The message is written in Polish and can be translated as follows:
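The indicators described above (the '.aes' suffix appended after a targeted file's original extension, the 'ODZSZYFRUJ-DANE.txt' note on the Desktop, and the MD5 hashes listed under File System Details) can be turned into a small triage script for checking a machine or a backup. This is an added example, not code from the original write-up; the directory it scans is constructed on the fly with sample files, and the targeted-extension set is a subset of the list above.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Indicators taken from the write-up on this page.
RANSOM_NOTE = "ODZSZYFRUJ-DANE.txt"
ENCRYPTED_SUFFIX = ".aes"
KNOWN_MD5 = {
    "0cea7e11e74c008ea7d421293bc581b7",
    "78ba965786d451367c2542111541a591",
    "31329543947f1ee13ce020c826fb4af5",
}
# Subset of the targeted extensions listed on the page (lower-cased for comparison).
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".zip", ".sql", ".txt"}

def md5_of(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def triage(root):
    """Walk `root` and collect Vortex-style findings: notes, encrypted files, known binaries."""
    findings = {"notes": [], "encrypted": [], "known_binaries": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if name == RANSOM_NOTE:
                findings["notes"].append(str(p))
            # 'report.docx.aes' -> stem 'report.docx' -> original suffix '.docx'
            elif p.suffix.lower() == ENCRYPTED_SUFFIX and Path(p.stem).suffix.lower() in TARGETED:
                findings["encrypted"].append(str(p))
            elif p.suffix.lower() == ".exe" and md5_of(p) in KNOWN_MD5:
                findings["known_binaries"].append(str(p))
    return findings

def build_sample_tree():
    """Constructed sample: a throwaway directory that mimics a post-infection Desktop."""
    root = Path(tempfile.mkdtemp(prefix="vortex_sample_"))
    (root / RANSOM_NOTE).write_text("constructed ransom note placeholder")
    (root / "report.docx.aes").write_bytes(b"\x00" * 16)
    (root / "photo.jpg.aes").write_bytes(b"\x00" * 16)
    (root / "notes.txt").write_text("untouched")
    (root / "random.aes").write_bytes(b"\x00" * 16)  # .aes without a targeted original extension
    return root

if __name__ == "__main__":
    print(triage(build_sample_tree()))
```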

'the Vortex Ransomware
You can not find the necessary files on your hard drive? The contents of your files do not open?
This is a result of the program that encrypted the most of your data using strong algorithm aes-256 a minute ago. The uniformed service for disguising data transmitted electronically.
The only way to recover your files is buying a decryption program from us, with a single unique key generated for you!
Once you choose to recover your data, please contact us at e-mail: rsapl@openmailbox.org or poiskiransom@airmail.cc
2 Files Decrypted for free to prove that we are able to do so, for the rest, unfortunately, you have to pay!
Price for decryption of all files: $199
Warning! Do not waste your time, time is money for 4 days price will increase by 100%!
IP = [YOUR IP ADDRESS]
ID = [RANDOM CHARACTERS]'

Dealing with the Vortex Ransomware

Although the Vortex Ransomware is clearly targeting Polish-speaking computer users, it is not unlikely that computer users in other parts of the world will also be targeted by this attack. Malware analysts have the same advice for dealing with the Vortex Ransomware as for any of the countless encryption ransomware Trojans that are currently active: computer users should refrain from following the instructions in the ransom note or paying the ransom. Instead, the affected files must be recovered from a backup after the Vortex Ransomware infection itself has been removed with the help of a reliable, fully up-to-date security program.

Technical Information

File System Details

Vortex Ransomware creates the following file(s):
#  File Name    MD5                               Detection Count
1  a8of2bn.exe  0cea7e11e74c008ea7d421293bc581b7  2
2  msdll32.exe  78ba965786d451367c2542111541a591  2
3  file.exe     31329543947f1ee13ce020c826fb4af5  0

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.