Vapor Ransomware
The Vapor Ransomware is a file-locker Trojan that encrypts your media and ransoms the decryption key. This threat, similarly to Jigsaw Ransomware, also includes interactive pop-ups and a data-deleting function that triggers once its countdown expires. Users should be careful about restarting their PCs in ways that could risk re-launching this threat and recover from backups or freeware decryptors after removing the Vapor Ransomware with their preferred anti-malware service.
The Ransom-Based Trojans that Toss Their Captives Overboard Happily
Some file-locking Trojans using additional, deletion-based features for incentivizing the ransoming payments of any victims is a trend that has yet to die, after having started with such threats as the notorious Jigsaw Ransomware. A new group of low-budget threat actors, using GitHub as their hosting resource, is offering its clientele another variant on this theme: the Vapor Ransomware. Unlike the Jigsaw Ransomware, it doesn't use a loop-based method for erasing data, but it does keep the countdown element.
The Vapor Ransomware's threat actors, 'DeaDHackS,' also, are experimenting with an exploit kit, a small-scale spyware application that focuses on collecting login credentials, script injectors and backdoor Trojans. Some of these threats may facilitate the Vapor Ransomware's installation by non-consensual or exploitative means, such as infecting users after they browser an unsafe site that's compromised by the Hepheastus [sic] Exploit Kit. Once it gains access to the PC, the Vapor Ransomware starts locking media files, such as documents and pictures, and appending '.Vapor' extensions to their names.
The data-wiping part of the Vapor Ransomware's payload only affects the files that it's encrypting and has a complete integration into the threat's pop-up ransom note. This message gives all of the ordinary details for negotiating with the criminal over a decryption code for unlocking your files. However, it also has a timer, which, malware experts are confirming, causes the Vapor Ransomware to begin deleting all locked files once it hits zero. While the Vapor Ransomware doesn't do so upon restarting (such as after a reboot), it will encrypt the same data a second time, thereby making them unrecoverable.
Waving Off a Ransom-Filled Vapor
Users who avoid re-loading the Vapor Ransomware a second time carefully and act quickly have good chances of saving their media. The Vapor Ransomware, unlike most of the RaaS industry's families, like the Crysis Ransomware or the Scarab Ransomware, uses a non-secure algorithm for encrypting the files. Contacting a cyber-security specialist with experience versus file-locking Trojans can help with developing a free decryptor relatively promptly and allow the unlocking of your work for free.
Since threats of this category tend to receive updates to their locking routines, malware experts, however, recommend always having backups of your work on separate devices. Users also should update their software with the appropriate security patches, disable unsafe content like document macros or website scripts, and use robust logins for their servers regularly. Most anti-malware programs are experiencing no problems with removing the Vapor Ransomware safely.
DeaDHackS offers a false choice of two evils by giving the victim the options of paying ransoms or watching the wiping of their files. However, when it comes to cyber-crime, there is a third option for anyone who doesn't panic usually.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.