
v315 Ransomware

Posted: November 4, 2020

The v315 Ransomware is a file-locking Trojan that's a variant of the Jigsaw Ransomware. Besides blocking files with encryption, the v315 Ransomware can also delete them on a countdown or after restarting. Users should exercise care when rebooting their computers, use dedicated security services for removing the v315 Ransomware, and restore files from backups, if possible.

Snapping Another Puzzle Piece of an Ugly Picture into Place

While a subject of much interest in its early days, the Jigsaw Ransomware is no longer as threatening a specter on the threat landscape as it once was. Although encryption is almost a blasé topic in PC security, the Jigsaw Ransomware family still wields it deftly, and with an additional weapon at its side. As proof of the Trojan group's ongoing relevance, one can look at its latest variant, the v315 Ransomware.

Like other Jigsaw Ransomware derivatives, from the MR.Z3B1 Ransomware and the DeltaSEC Ransomware back to the Crypt.Locker Ransomware or the '.black007 File Extension' Ransomware, the v315 Ransomware is a Windows, .NET Framework program. Although it's not a Ransomware-as-a-Service, it operates similarly. It searches for media files such as documents to block with encryption, adds its extension to their names, and generates advanced pop-up alerts with ransom demands.

Although the v315 Ransomware hasn't yet collected ransoms in its Bitcoin wallet, the Trojan has unique leverage against any victims of its campaign. It includes two distinct prerequisites for deleting large amounts of 'hostage' encrypted files: whenever the program restarts (automatically, with Windows reboots) and after its countdown timer hits zero. Victims are in a position where time and response to the infection can worsen or alleviate the data loss, which adds even more urgency to the extortion scenario.

Finding Better Solutions to a Trojan's Puzzle

The v315 Ransomware isn't a professionally-produced Ransomware-as-a-Service variant, and most threat actors that use the Jigsaw Ransomware make few changes to the software. AV vendor Kaspersky currently offers a free decryption or unlocking solution for many Jigsaw Ransomware versions, which may remain compatible with the v315 Ransomware. However, malware experts have yet to confirm this recovery option, and, regardless, strongly encourage having backups on other PCs and storage devices as a superior alternative.

No details around current v315 Ransomware samples suggest how it's circulating on the Web or infecting users. Windows users should avoid all-too-common infection vectors, like macro-enabled e-mail attachments, illicit torrents, or unofficial software updates. Disabling some features, like Flash and JavaScript, is also useful for Web-surfing security. Admins can also use strong passwords that block direct, brute-force attacks against their accounts.

Another vulnerability that the v315 Ransomware shares with most file-locker Trojans is a poor evasion record. Anti-malware products should also block any installation attempts or remove the v315 Ransomware when appropriate.

The name of the v315 Ransomware's family stems from a reference to cinematic storytelling and torture chamber-like traps. While encryption is a modern-day update of old-fashioned torment, the data loss from a v315 Ransomware infection is hardly less traumatizing to those experiencing it.
