Vtua Ransomware

Vtua Ransomware Description

Another threatening variant spawned from the extremely prolific STOP/Djvu Ransomware family has been spotted in the wild by infosec researchers. This new threat is named Vtua Ransomware, and the main difference between it and the other threats from this family is the extension it uses to mark the encrypted files: '.vtua'. In all other aspects, the threat is virtually identical to the rest of the STOP/Djvu variants. However, that in no way diminishes its capacity to cause destruction.

Systems infected by the Vtua Ransomware will experience data encryption with a significant number of file types being rendered inaccessible and unusable. Victims will no longer be able to open their photos, images, PDFs, archives, databases and more. When the encryption process has been completed, the threat will generate a new text file named '_readme.txt' carrying its ransom-demanding message.

Ransom Note's Overview

The ransom note delivered by the Vtua Ransomware deviates little from the messages observed in other STOP/Djvu threats. Victims will be told that the only way to restore their locked data is by paying a ransom of exactly $980 to the attackers. After the money has been received, they will be sent the necessary decryption key and software tool.

The offer to reduce the ransom by 50%, typical for this ransomware family, is also present here. The only requirement to drop the payment down to $490 is for the affected users to establish contact with the hackers within the first 72 hours of the ransomware attack. Victims can use the two email addresses provided in the note: 'manager@mailtemp.ch' and 'supporthelp@airmail.cc'.

The full text of the ransom note is:

'ATTENTION!

Don't worry, you can return all your files!

All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.

The only method of recovering files is to purchase decrypt tool and unique key for you.

This software will decrypt all your encrypted files.

What guarantees you have?

You can send one of your encrypted file from your PC and we decrypt it for free.

But we can decrypt only 1 file for free. File must not contain valuable information.

You can get and look video overview decrypt tool:

hxxps://we.tl/t-xl2bbDnZSN

Price of private key and decrypt software is $980.

Discount 50% available if you contact us first 72 hours, that's price for you is $490.

Please note that you'll never restore your data without payment.

Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:

manager@mailtemp.ch

Reserve e-mail address to contact us:

supporthelp@airmail.cc

Your personal ID:'
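
A triage script for responders, added here as an example and not part of the original write-up: it walks a directory tree, lists files carrying the '.vtua' extension, and flags '_readme.txt' files only when they contain one of the contact addresses quoted in the note. The function names, the sample tree and its file names are constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the description above.
ENCRYPTED_EXT = ".vtua"
NOTE_NAME = "_readme.txt"
NOTE_MARKERS = ("manager@mailtemp.ch", "supporthelp@airmail.cc")


def triage(root):
    """Return {"encrypted": [...], "notes": [...], "dirs": {dir: count}}.

    A _readme.txt counts as a ransom note only if it contains a contact
    address from the note, so unrelated files of that name are ignored."""
    report = {"encrypted": [], "notes": [], "dirs": {}}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                report["encrypted"].append(path)
                report["dirs"][dirpath] = report["dirs"].get(dirpath, 0) + 1
            elif name.lower() == NOTE_NAME:
                try:
                    with open(path, "r", errors="replace") as fh:
                        text = fh.read(65536).lower()
                except OSError:
                    continue  # unreadable file: skip, do not abort the scan
                if any(m in text for m in NOTE_MARKERS):
                    report["notes"].append(path)
    return report


def build_sample_tree():
    """Constructed sample data: a temp folder mimicking an affected profile."""
    root = tempfile.mkdtemp(prefix="vtua_triage_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for name in ("report.pdf.vtua", "photo.jpg.vtua", "untouched.txt"):
        open(os.path.join(docs, name), "wb").close()
    with open(os.path.join(docs, NOTE_NAME), "w") as fh:
        fh.write("ATTENTION!\nwrite on our e-mail:\nmanager@mailtemp.ch\n")
    with open(os.path.join(root, NOTE_NAME), "w") as fh:
        fh.write("Project readme, nothing to see here.\n")  # benign look-alike
    return root


if __name__ == "__main__":
    result = triage(build_sample_tree())
    print(len(result["encrypted"]), "encrypted,", len(result["notes"]), "notes")
```

The per-directory counts in "dirs" show which folders were hit, which helps scope what has to be restored from backup.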