VHDLocker Ransomware
Posted: February 21, 2017
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 28 |
| First Seen: | February 21, 2017 |
| Last Seen: | February 28, 2020 |
| OS(es) Affected: | Windows |
The VHDLocker Ransomware is a Trojan that uses the Windows BitLocker utility to lock your files, including documents and similar content, so that its author can extort money. Since malware experts have not verified any known means of cracking this encryption method, backing up your data to another device and preventing a VHDLocker Ransomware infection are the most dependable protections available to most PC users. The VHDLocker Ransomware is not affiliated with previously identified families of Trojans, and your security software may need updating to detect and remove the VHDLocker Ransomware appropriately.
Innovative Misdeed at Work against Your Files
Even with threatening software coded for the explicit purpose of attacking a PC, threat authors don't always bundle every appropriate feature into a single application. For some threat actors, anti-security solutions and payload strategies are available in alternative freeware, including, sometimes, built-in Windows programs.
The VHDLocker Ransomware has no evident relationship with other families of file-encrypting threats like the currently-active Hidden Tear or Globe Ransomware groups. As an independent threat, the VHDLocker Ransomware attacks your local data using the BitLocker feature that Microsoft provides with all modern versions of Windows. Using this application, the VHDLocker Ransomware creates a virtual drive, stores your media on it and prevents you from accessing it by blocking it with a password.
Malware experts also find some minor network activity related to the VHDLocker Ransomware, which most likely conveys the Trojan's password to a threat actor for ransoming purposes. The VHDLocker Ransomware delivers its ransom demands through a Notepad file it creates after encrypting your media, asking for 0.5 Bitcoins (a cryptocurrency format that prevents you from tracing or canceling the cash transfer). At 552 USD in value, the payment could be suitable for an attack campaign infecting either casual PC users or more well-funded organizations, such as a small business.
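An added example, not part of the original write-up or of any vendor tooling: a detection heuristic for the behaviour described above, where a virtual drive appears, files are moved onto it, and it is then locked with a BitLocker password. The event schema, field names, sample events and the 10-minute window are constructed assumptions; the page does not say how the Trojan invokes BitLocker.

```python
from datetime import datetime, timedelta

# Constructed, normalized endpoint telemetry (hypothetical schema, not real logs).
SAMPLE_EVENTS = [
    {"ts": "2017-02-21T10:00:05", "host": "pc-01", "type": "vdisk_created",
     "volume": "V:", "path": r"C:\Users\a\data.vhd"},
    {"ts": "2017-02-21T10:00:40", "host": "pc-01", "type": "bulk_file_move",
     "volume": "V:", "count": 412},
    {"ts": "2017-02-21T10:03:10", "host": "pc-01", "type": "bitlocker_enabled",
     "volume": "V:", "protector": "password"},
    # Routine admin activity: TPM-protected BitLocker on a physical system drive.
    {"ts": "2017-02-21T11:00:00", "host": "pc-02", "type": "bitlocker_enabled",
     "volume": "C:", "protector": "tpm"},
    # Virtual disk that is created but never locked.
    {"ts": "2017-02-21T12:00:00", "host": "pc-03", "type": "vdisk_created",
     "volume": "E:", "path": r"D:\lab\test.vhd"},
]

WINDOW = timedelta(minutes=10)  # assumed correlation window


def find_vdisk_lockups(events, window=WINDOW):
    """Alert when a volume locked with a BitLocker password is a virtual
    disk that was created on the same host within `window` beforehand."""
    created = {}  # (host, volume) -> (creation time, backing file path)
    moved = {}    # (host, volume) -> number of files moved onto the volume
    alerts = []
    # ISO-8601 timestamps sort correctly as strings, so order events first.
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev["volume"])
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "vdisk_created":
            created[key] = (ts, ev["path"])
            moved[key] = 0
        elif ev["type"] == "bulk_file_move" and key in created:
            moved[key] += ev["count"]
        elif ev["type"] == "bitlocker_enabled" and ev.get("protector") == "password":
            if key in created and ts - created[key][0] <= window:
                alerts.append({
                    "host": ev["host"], "volume": ev["volume"],
                    "vhd": created[key][1], "files_moved": moved[key],
                    # User data already on the disk makes the lock-up more urgent.
                    "severity": "high" if moved[key] else "medium",
                })
    return alerts
```

An alert names the backing file of the virtual disk, which is the artifact to preserve for incident response before any cleanup.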
Stopping a Virtual File-Locker from Becoming a Tangible Problem
The VHDLocker Ransomware uses different means of blocking local content than most of the techniques malware experts see with current threats, like re-releases of the Globe Ransomware. Unfortunately, this encryption method is more secure than the ones in vogue with similar Trojans and is unlikely ever to see a free data recovery solution. Attacks like the VHDLocker Ransomware's payload are strong evidence of the continuing value of having a thorough backup strategy that stores copies of your important files in locations that Trojans can't assault.
While some victims may opt for paying to recover the BitLocker password, this choice carries with it the potential of paying for nothing. If the VHDLocker Ransomware's author refuses to give you the promised password, you cannot reverse the payment, because Bitcoin transfers aren't compatible with traditional chargebacks. Keep your anti-malware software updated and active to improve the chances of deleting the VHDLocker Ransomware without letting the encryption occur.
This campaign is a minor case study in how Trojan authors are always looking for new, more potent ways to keep their victims from recovering from the payloads of their threatening products. Just as they work daily to improve their attacks, PC users should make it a regular habit to safeguard their files and eliminate unsafe Web-browsing behavior from their lifestyles.