VBRansom Ransomware
Posted: January 17, 2017
Threat Metric
| Field | Value |
|---|---|
| Threat Level | 10/10 |
| Infected PCs | 7 |
| First Seen | January 17, 2017 |
| OS(es) Affected | Windows |
The VBRansom Ransomware is a Trojan that makes your files look as if they have been locked with an encryption-based cipher. Malware experts observe that current versions of this threat are incomplete and incapable of real encryption, although its developer is likely to change that in the future. Protecting your PC from attacks of this type includes both keeping regular backups and uninstalling the VBRansom Ransomware with anti-malware products that can detect it immediately.
New Trojans Putting You on the Clock
Although there are numerous disadvantages to paying con artists for their help in recovering from the attacks of their Trojans, not every infection gives its victims the time needed to process the sequence of events with clarity. The VBRansom Ransomware, a Trojan caught in mid-development early in January, shows how con artists try to tilt the attack in their favor by pressuring those under attack. The Trojan is built with the intent of blocking your files and then starting a countdown, after which its author destroys the available decryption solution.
Since the VBRansom Ransomware is a work in progress, current samples don't encrypt or 'lock' any files, although the Trojan does modify their names (by adding '.the VBRansom' extensions) and create a list of targeted data. Formats at risk for this version of the VBRansom Ransomware include DOC documents and some images, including JPG and PNG. In a 'release version' of the VBRansom Ransomware, the Trojan most likely will block the files by enciphering them with an algorithm, typically AES. The content then would be unreadable until you decrypt it, which requires both a decryptor app and the key that's in the threat actor's possession.
The VBRansom Ransomware also displays a pop-up message explaining how you can buy the decryption solution after accessing the Tor website-based ransoming infrastructure. Elements of note in this message include a short, twenty-four-hour time limit, and a threat that trying to terminate the VBRansom Ransomware will cause your computer to become unable to boot. Malware experts have yet to verify whether current builds of the VBRansom Ransomware include the latter as a built-in function, which would make the Trojan semi-unique among file-encrypting threats.
A Basic Response to Basic File Problems
The VBRansom Ransomware is a Visual Basic-coded program that is currently distributed as a fake version of Adobe PDF-reading software. Probably because of its limited attack functions, most anti-malware brands have difficulty identifying this Trojan accurately, and malware experts strongly encourage you to update your security solutions, when possible, to keep them abreast of new threats. The VBRansom Ransomware may circulate via spam e-mails, torrents, or other methods that exploit safety oversights in normal Web-surfing behavior.
Since the VBRansom Ransomware doesn't encode any of your files, you can use anti-malware products for removing the VBRansom Ransomware safely and then adjust all of the extensions of targeted data as is appropriate. Readers should note that a new extension has no direct correlation with a format conversion of a file's internal data, and that enabling visible extensions, by default, provides valuable information for determining the data type of saved content.
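The extension clean-up described above can be scripted so that a file is renamed back only when its header still matches its original type (DOC, JPG or PNG). This is an added example, not code from the original page; the `.VBRansom` spelling of the appended extension, the function names and the sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Leading "magic" bytes of the formats the page lists as targeted.
MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 container used by .doc
}

def plan_restore(root, appended_ext):
    """Split renamed files into {renamed: original} (header still matches the
    original type, so a rename is enough) and a list needing manual review."""
    restore, review = {}, []
    for path in sorted(Path(root).rglob("*")):
        name = path.name
        if not path.is_file() or not name.lower().endswith(appended_ext.lower()):
            continue
        original = path.with_name(name[: len(name) - len(appended_ext)])
        magic = MAGIC.get(original.suffix.lower())
        with path.open("rb") as fh:
            head = fh.read(8)
        # Never overwrite an existing file, and never trust the name alone.
        if magic and head.startswith(magic) and not original.exists():
            restore[path] = original
        else:
            review.append(path)
    return restore, review

def apply_restore(restore):
    """Rename each verified file back to its original name."""
    for renamed, original in restore.items():
        renamed.rename(original)
    return len(restore)

def demo(appended_ext=".VBRansom"):  # assumed spelling of the added extension
    """Run against constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / ("photo.png" + appended_ext)).write_bytes(b"\x89PNG\r\n\x1a\n" + b"\0" * 16)
        (root / ("report.doc" + appended_ext)).write_bytes(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1data")
        (root / ("scan.jpg" + appended_ext)).write_bytes(b"not a jpeg header")  # content altered
        (root / "notes.txt").write_text("untouched")
        restore, review = plan_restore(root, appended_ext)
        restored = apply_restore(restore)
        return restored, [p.name for p in review], sorted(p.name for p in root.iterdir())

if __name__ == "__main__":
    print(demo())
```

Files that land in the review list have content that no longer matches their original type, which is what a later, encrypting build would produce; those need a backup rather than a rename.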
Trojans caught while being built can be difficult to pin down to a set level of danger, but, if one is to believe the VBRansom Ransomware's extortion messages, its author intends to have a profitable future of stopping casual PC owners from accessing both their files and even the rest of their machines.
Technical Details
File System Modifications
The following files were created in the system:
file.exe
File name: file.exe
Size: 10.69 MB (10692608 bytes)
MD5: ccc270c610aef28fea4e151db2f310c0
Detection count: 8
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: January 18, 2017