
Vurten Ransomware

By GoldSparrow in Ransomware

The Vurten Ransomware is an encryption ransomware Trojan designed to take victims' files hostage. It was first released in the first week of April 2018. The Vurten Ransomware can be delivered to victims in various ways, but it most commonly reaches a computer through spam email messages. Victims receive an email message with a file attachment in the form of a DOC or DOCX file. These files contain malicious embedded macros that download and install the Vurten Ransomware onto the victim's computer. Once installed, the Vurten Ransomware begins its attack by holding the victim's files captive in order to demand a ransom payment in exchange for releasing them.

How the Vurten Ransomware Attack Works

The Vurten Ransomware's attack is similar to most encryption ransomware Trojan attacks. The Vurten Ransomware uses a strong encryption algorithm, AES, to make the victim's files inaccessible to anyone without the decryption key. It then delivers a ransom note demanding that the victims pay a ransom if they want to recover the affected files. Files encrypted by the Vurten Ransomware are easy to recognize because it adds the file extension '.improved' to each compromised file's name. The Vurten Ransomware targets a wide variety of user-generated file types while avoiding Windows system files and executable files, since threats like the Vurten Ransomware need the victim to be able to use the affected computer to read the ransom note and carry out payment. The following are the file types that are commonly targeted in attacks like the Vurten Ransomware:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

The Vurten Ransomware will deliver a ransom note named 'UNCRYPT.README.TXT' to the victim's computer. This text file contains the following message:

'Your entire network sensitive data was encrypted with our strong algorithm. To recover your data send $10000 to the bitcoin address: [33 CHARACTERS] If you do not send money within 7 days, payment will be increased double. After payment you will receive decryption software. contact email: vurten_knyert@protonmail[.]com'

The people responsible for the Vurten Ransomware demand a large ransom of 10,000 USD to restore the affected files. Threat researchers advise computer users to refrain from paying this amount or contacting the extortionists. In most cases, these people will not even consider helping the victims recover their files, and may ignore the victim after the payment is made, or target them for additional attacks since they've shown a willingness to pay. Furthermore, paying these ransoms allows the fraudsters to continue financing their activities and releasing new ransomware Trojans to carry out attacks on unsuspecting computer users.

Preventing a Vurten Ransomware Infection

The best way to protect your data from threats like the Vurten Ransomware is to have file backups. Backup copies allow you to restore the affected files by deleting the corrupted versions and replacing them with a backup copy. A security application should remove the Vurten Ransomware itself automatically, although it is currently not possible to restore files encrypted in its attack without the decryption key. Since the Vurten Ransomware is delivered using spam email attachments, learning to handle them safely is also essential to preventing Vurten Ransomware attacks.

