
VuLiCaPs Ransomware

According to the researchers who analyzed its underlying code, the VuLiCaPs Ransomware is part of the Xorist Ransomware family. Not being entirely unique doesn't diminish the destructive capabilities of this threat, though. Once inside the targeted computer, the VuLiCaPs Ransomware wreaks havoc by encrypting the stored files with a strong cryptographic algorithm. Users are prevented from working with their own files, which could have massive consequences if the files contain work-related materials such as databases or spreadsheets.

The files locked by VuLiCaPs Ransomware will have a new extension, '.VuLiCaPs', appended to their original filenames. The note from the criminals is contained in text files created in every folder with encrypted data. The name of the ransom-note files is 'HOW TO DECRYPT FILES.txt'.
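The two indicators above are enough to scope the damage on a disk or file share during incident response. The following triage sketch is an added example, not code from the original page or from any vendor tool; the function names are hypothetical and the sample tree consists of constructed, empty placeholder files.

```python
import os
import tempfile

# Indicators stated in the description above.
ENCRYPTED_SUFFIX = ".VuLiCaPs"
RANSOM_NOTE_NAME = "HOW TO DECRYPT FILES.txt"

def original_name(filename):
    """The extension is appended, so stripping it yields the pre-encryption name."""
    return filename[: -len(ENCRYPTED_SUFFIX)]

def scan_tree(root):
    """Map each affected folder to its renamed files and whether a note is present."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        # Compare case-insensitively, as Windows file name lookups are.
        renamed = sorted(f for f in files if f.lower().endswith(ENCRYPTED_SUFFIX.lower()))
        note = any(f.lower() == RANSOM_NOTE_NAME.lower() for f in files)
        if renamed or note:
            findings[folder] = {"renamed": renamed, "note": note}
    return findings

def summarize(findings):
    """Counts for triage, plus the original names to look for in backups."""
    restore = sorted(original_name(f) for v in findings.values() for f in v["renamed"])
    return {
        "folders_affected": len(findings),
        "encrypted_files": len(restore),
        "folders_with_note": sum(1 for v in findings.values() if v["note"]),
        "restore_candidates": restore,
    }

def build_sample_tree(root):
    """Constructed sample data: empty placeholder files, no real content."""
    layout = {
        "finance": ["q3.xlsx.VuLiCaPs", "ledger.db.vulicaps", RANSOM_NOTE_NAME],
        "photos": ["trip.jpg"],        # untouched folder
        "docs": [RANSOM_NOTE_NAME],    # note present, nothing renamed
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(scan_tree(tmp)))
```

A folder that holds the note but no renamed files, like `docs` in the sample, is still reported so it can be checked by hand.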

The hackers demand the sum of exactly 0.1 Bitcoin, worth around $1100 at the current price of the Bitcoin cryptocurrency, to provide the necessary decryption keys to their victims. They also leave a wallet address to which the money should be sent. Only after completing the transaction are the affected users to initiate communication by sending a message to either one of the two email addresses found in the note. Victims of the VuLiCaPs Ransomware are not given the option of sending any files for free decryption.

The content on the ransom note reads:


All your files have been encrypted!

If you want to decrypt the files, you have to pay 0.1 bitcoin

I recommend you buy bitcoin from one of these sites:

Be sure to send bitcoin to this address:


Immediately after sending bitcoin

contact me at these email addresses: or

With this subject: -

After confirming your payment, you will receive a tutorial and keys for decrypting files!

Here's another list of where to buy bitcoin:


The message displayed by the cryptovirus resembles the ransom notes used by other ransomware. Most ransomware in the Xorist family uses a similar outline and message. The message states that the only way for victims to get their data back is by using a specific decryption key, which only the hackers have a copy of. Unfortunately, that part of the note isn’t a lie. The decryption key is the only way to undo the damage. This key is stored on a special server only accessible by the hackers, so paying the ransom really is the only way to get the key.

The virus creators want you to pay them to return your computer to its previous state, much like any other kind of ransomware.

With that said, you shouldn’t pay the ransom under any circumstances. There’s no guarantee that the hackers will live up to their end of the deal and supply the key as promised.

How Did VuLiCaPs Get on My Computer?

Phishing Emails

Phishing emails are among the most common infection methods for ransomware and viruses in general. Hackers send hundreds of messages to random email addresses. The emails are designed to look legitimate but contain compromised links and attachments. Users interact with the email and infect their computer in the process.

Payload Files Delivery

The code for the virus can be injected into other files. These files are downloaded from the internet by unsuspecting users. Macro-infected documents and spreadsheets are standard payload delivery methods. These documents are created to be compatible with Office and trick users into activating macros (built-in scripts) to view the content of the file correctly. One such script installs the virus on the computer. Another alternative is to create infected program installers. These installers are executable files that install the virus code and can be disguised as freeware programs or software updates.

Internet Services and Websites

The installation file for VuLiCaPs can be uploaded to different download portals and online communities, including chat rooms, forums, and social media. Hackers can also post links using fake and stolen accounts to make them seem more legitimate and trick users.

How to Protect Against Ransomware Attacks

One of the most important things you can do to protect against malicious programs is not to download and install software through unofficial websites and installers, third-party downloaders, and peer-to-peer networks such as torrent sites. You should always use official channels to get your software and avoid using pirated software. Illegal software is packed with "cracks" that activate the software. More often than not, these tools install malware instead of, or along with, activating the software. Programs and operating systems should be updated whenever possible, but make sure these updates come from official channels.

You should avoid interacting with website links and attachments in emails sent from suspicious and unknown addresses. There is a chance that these emails have been sent by cybercriminals to spread their malicious programs and catch you in a trap.

