Vzlom Ransomware

The Vzlom Ransomware is a threat that is part of the Xorist malware family. It can impact infected systems drastically because of the uncrackable encryption routine that it uses to lock nearly all of the victim's files. Vzlom appears to target predominantly Russian or Russian-speaking users. The basis for this assumption can be found in the threat's ransom note: the ransom-demanding message is written entirely in Russian, without translations into any other language. Furthermore, if the compromised system doesn't have the Cyrillic alphabet installed, the ransom note will be displayed as a collection of indecipherable symbols.

The Vzlom Ransomware's Details

All files affected by the threat will have '.vzlom' added to their original names as a new file extension. Next, the malware will deliver its ransom note as a text file named 'КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt'. The same message will also be presented to the victim in a pop-up window.
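A triage sketch for scoping impact from the two indicators above, the '.vzlom' extension and the ransom note file name. It is an added example, not part of the original write-up; the function names and the sample tree are assumptions constructed for the demo.

```python
import os
import tempfile
import unicodedata
from pathlib import Path

# Indicators taken from the description above.
LOCKED_EXT = ".vzlom"
NOTE_NAME = "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt"


def _norm(name):
    # NFC + casefold: 'Й' can be stored decomposed (NFD) on some filesystems,
    # and Windows file names are case-insensitive.
    return unicodedata.normalize("NFC", name).casefold()


def triage(root):
    """Walk root; return (locked, notes, dirs). locked maps path -> original name."""
    locked, notes, dirs = {}, [], set()
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            n, path = _norm(name), Path(dirpath) / name
            if n == _norm(NOTE_NAME):
                notes.append(path)
            elif n.endswith(LOCKED_EXT) and len(n) > len(LOCKED_EXT):
                locked[path] = name[: -len(LOCKED_EXT)]
            else:
                continue
            dirs.add(Path(dirpath))
    return locked, notes, sorted(dirs)


def build_sample_tree(root):
    """Constructed sample data for the demo, not real artifacts."""
    root = Path(root)
    for rel in ("docs/report.docx.VZLOM", "docs/notes.txt", "pics/cat.jpg.vzlom"):
        (root / rel).parent.mkdir(exist_ok=True)
        (root / rel).write_bytes(b"constructed")
    # Note name written in decomposed (NFD) form to exercise normalization.
    (root / unicodedata.normalize("NFD", NOTE_NAME)).write_bytes(b"constructed")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        locked, notes, dirs = triage(build_sample_tree(tmp))
        for path, original in locked.items():
            print(f"locked: {path} (was {original})")
        print(f"{len(notes)} ransom note(s), {len(dirs)} affected folder(s)")
```

The list of original names and affected folders gives a starting point for deciding which backups to restore.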

As we said, the note is written in Russian, and a rough translation shows that it lacks crucial information usually found in the messages left by other threats of the Xorist Ransomware family. For example, victims are not provided with any means of contacting the hackers. This renders meaningless the warning that affected users have only five tries to input the right code before their data is lost forever. After all, there is no way for the victims to get the decryption code in the first place.

This also means that the main purpose of a ransomware threat, extorting victims for money, cannot be carried out. Usually, threats that lack such core elements of the attack are released in the wild for testing purposes, and the same may be true for the Vzlom Ransomware. It is highly likely that a new, fully equipped version could be deployed in the near future.

The full text of the note in its original Russian is:

'Внимание! Все Ваши файлы зашифрованы!
Чтобы восстановить свои файлы и получить к ним доступ,
идите к мастеру и чините комп!

У вас есть 5 попыток ввода кода. При превышении этого
количества, все данные необратимо испортятся. Будьте
внимательны при вводе кода!


