vxCrypter Ransomware

vxCrypter Ransomware Description

The vxCrypter Ransomware is a file encryption Trojan that was discovered by malware researchers on March 29th, 2019. Given its lack of adequate code obfuscation and its relatively simple encryption routine, the vxCrypter Ransomware is believed to be under development at the time of writing. Fortunately, detecting the vxCrypter Ransomware should not be difficult since it is far from the level of the Crysis Ransomware and the Dharma Ransomware. The vxCrypter Ransomware is distributed to users via spam emails that carry fake invoices, misleading press releases, and unverified news from social media. The threat actors behind the vxCrypter Ransomware may also use the allure of nude photographs of popular personalities to convince users to open a potentially threatening self-extracting archive.

The vxCrypter Ransomware Trojan may be dropped on systems as a fake driver in the C:\ProgramData\ directory and appear in the Task Manager as 'vxDriver.exe'. It is possible that the 'vxDriver.exe' file is located in a hidden folder that you may be unable to delete with a standard user account. Threats like the vxCrypter Ransomware and the Jhon Woddy Ransomware are associated with privilege escalation tactics, including DLL hijacking, that protect their dependencies and make them harder to remove. The vxCrypter Ransomware is known to append the '.xLck' file extension to encrypted files and remove the Shadow Volume snapshots on Windows. For example, '90's Hit mix Eurodance 1 hour.mp4' becomes '90's Hit mix Eurodance 1 hour.mp4.xLck', and a ransom window is shown to the user. The vxCrypter Ransomware overwrites existing data such as images, audio, video, databases, text, and eBooks, and generates a window titled 'vxCrypter' on the user's screen. The message from the vxCrypter Ransomware can be found below:

'WARNING! ALL YOUR FILES ARE ENCRYPTED!

What Happened to My Computer?
Your important files are encrypted. Many of your documents, photos, videos, databases, and other files are no longer accessible because they have been encrypted Maybe you are busy looking for way to recover your files, but do not waste your time. Nobody can recover your files without our decryption some
Can I Recover My Files?
Sure. We guarantee that you can recover all your files safely and easily But you have not so enough time. You need to pay and you have only 3 days to submit payment. After that the price will be doubled Also, if you don't pay in 7 days you won't be able to recover your files forever
How Do I Pay?
Payments is accepted in Bitcoin only. For more information, dick How to buy bitcoin. Please check the current price of Bitcoin and buy some And send the correct amount to the address specified in this window below After you completed your payment, Send us an email with your bitcoin transaction id to our email address: vxbtcpro@protonmail.com

PLEASE PAY 100$ IN BITCOIN TO THE FOLLOWING ADDRESS:
1F1Aaz5x1HUXrCNLbtMDqcw6o5'

We advise against paying money to the vxCrypter Ransomware team, and you should not write to the 'vxbtcpro@protonmail.com' email address. Computer experts advise users to rebuild their data using backup images and other data backup storage media if available. Users who keep the majority of their files in the cloud may turn to their cloud storage services. Also, the vxCrypter Ransomware is unable to interfere with data backups that are not saved on your device. AV tools may detect the vxCrypter Ransomware under the following alert names:

Generic.Ransom.Hiddentear.A.BE98000D
HEUR:Trojan-Ransom.MSIL.Crypmodad
Malicious.693741
Malware/Win32.RL_Ransom_ramsil.R26
Malware@#1s6s4jslw0iul
Ransom.FileCryptor!8.1A7 (CLOUD)
Ransom_RAMSIL.SM
Trojan ( 00503a221 )
Trojan.Win32.Hiddentear.4!c
W32/Ransom.AJZA-4461
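
Independently of AV signatures, the two file-system indicators described above (a file named 'vxDriver.exe' and the appended '.xLck' extension) can be checked with a short triage script. The following is an added example, not code from the original write-up or from any vendor tool; the function names `scan` and `build_sample_tree` and the sample directory tree are constructed for illustration, and a name match on 'vxDriver.exe' marks a candidate for inspection, not a confirmed sample.

```python
import os
import sys
import tempfile

# Indicators taken from the description above.
DROPPER_NAME = "vxdriver.exe"  # reported as 'vxDriver.exe'
LOCKED_EXT = ".xlck"           # reported as '.xLck', appended to file names


def scan(root):
    """Walk root; report dropper copies, encrypted files and unreadable dirs."""
    droppers, locked, skipped = [], {}, []
    # The dropper may sit in a hidden or access-restricted folder, so record
    # directories that could not be listed instead of silently skipping them.
    on_error = lambda err: skipped.append(err.filename)
    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            lower = name.lower()
            if lower == DROPPER_NAME:
                droppers.append(os.path.join(dirpath, name))
            elif lower.endswith(LOCKED_EXT) and len(name) > len(LOCKED_EXT):
                # Strip the appended extension to get the original file name,
                # which is what a restore-from-backup list needs.
                original = name[:-len(LOCKED_EXT)]
                locked.setdefault(dirpath, []).append(original)
    return {"droppers": droppers, "locked": locked, "skipped": skipped}


def build_sample_tree(base):
    """Create a constructed directory tree for the demo (empty files only)."""
    samples = [
        ("ProgramData/hidden_dir", "vxDriver.exe"),
        ("Users/a/Videos", "90's Hit mix Eurodance 1 hour.mp4.xLck"),
        ("Users/a/Documents", "report.docx.XLCK"),
        ("Users/a/Documents", "notes.txt"),
    ]
    for rel_dir, name in samples:
        folder = os.path.join(base, *rel_dir.split("/"))
        os.makedirs(folder, exist_ok=True)
        open(os.path.join(folder, name), "w").close()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        result = scan(sys.argv[1])
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_tree(tmp)
            result = scan(tmp)
    print("dropper candidates:", result["droppers"])
    for folder, names in sorted(result["locked"].items()):
        print(f"{folder}: {len(names)} encrypted file(s): {names}")
    print("unreadable directories:", result["skipped"])
```

Run it with a path argument (for example a mounted disk image or a user profile) to scan real data; without arguments it scans the constructed sample tree.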