Home Malware Programs Ransomware VapeLauncher

VapeLauncher

Posted: March 10, 2017

VapeLauncher is a modified version of the CryptoWire Ransomware, a Trojan that uses encryption to lock your local files and also can target some network and cloud storage services. The Trojan's symptoms include a pop-up interface for spending Bitcoins to buy a decryption key, although other means of unlocking or restoring your files always should be tried first. PC users should scan suspicious downloads for threatening content to catch and delete VapeLauncher and avoid any opportunities for encryption attacks occurring.

Vaping Your Way into Bankruptcy

Weeks have passed since malware researchers last noticed activity from the CryptoWire Ransomware or its successors, the UltraLocker Ransomware and the Lomix Ransomware. As a first for 2017, VapeLauncher is a new release from the same family, still using the same style of ransom message and means of precipitating the ransoming scenario by enciphering your files. This new Trojan's campaign uses mislabeled downloads for illicit gaming software to infect new PCs, instead of the e-mail or RDP infection vectors that con artists prefer for attacking business servers.

Although VapeLauncher isn't any better at avoiding threat-detecting heuristics than its predecessors notably, if it does infect your PC, it encrypts a variety of data formats on it. The Trojan appears to be still using the AES-256 for this purpose and also may sweep for files in any accessible network shares, peripheral devices or cloud storage accounts. A full list of all the content it locks is visible from the pop-up it generates afterward.

VapeLauncher's threat actors try to provoke ransom payments for their file-unlocking help by embedding a Bitcoin-purchase link directly into the pop-up window's UI. Although it also includes the decryption feature, victims can't access it without inputting the key code, and malware analysts have yet to see any viable, third-party decryption solutions for VapeLauncher's family.

VapeLauncher Offers New Reasons for Being Wary of Mining Too Deep

VapeLauncher is one of a small sub-group of file-encryption Trojans using fake game hacks to circulate and compromise the systems of recreational PC users. Its 'MinecraftHax' compressed archive is less susceptible to anti-malware detection than the unpacked executable. However, the risks of launching what may be a file-encrypting threat include permanent damage to the files on your hard drive frequently. Threat actors may bundle pirated software, software modified illegally and hacking tools with their threatening software, which they then can distribute on a high-traffic P2P network.

With decryption for VapeLauncher coming at a premium and always bearing the risk of its con artists failing to respond, backups endure as a stable strategy for limiting its impact and potential for harm. Keep peripheral drive-based backups unattached from any network-accessible systems and use robust, sophisticated cloud storage passwords to reduce any risk of VapeLauncher encrypting the extra copies, as well as the originals. A bare majority of anti-malware products from major software developers can identify and remove VapeLauncher accurately.

One may hope that VapeLauncher isn't just one of a series of replacements for the CryptoWire Ransomware, which is far from the most harmless of file-encrypting Trojans to date. On the other hand, there's little inconvenience in backing your data up daily to avert even a small chance of needing to pay Bitcoins for your belongings.

Related Posts

Loading...