
VBRansom Ransomware

Posted: January 17, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 7
First Seen: January 17, 2017
OS(es) Affected: Windows

The VBRansom Ransomware is a Trojan that makes your files look as if it has locked them with an encryption-based cipher. Malware experts find that current versions of this threat are incomplete and incapable of real encryption, although its developer is likely to change that in the future. Protecting your PC from attacks of this type includes both keeping regular backups and uninstalling the VBRansom Ransomware with anti-malware products that can detect it immediately.

New Trojans Putting You on the Clock

Although there are numerous disadvantages to paying con artists for their help in recovering from the attacks of their Trojans, not every infection gives its victims the time needed to think through the sequence of events clearly. The VBRansom Ransomware, a Trojan caught in mid-development early in January, shows how con artists try to tilt the attack in their favor by pressuring those under attack. The Trojan is built with the intent of blocking your files and then starting a countdown, after which its author destroys the available decryption solution.

Since the VBRansom Ransomware is a work in progress, current samples don't encrypt or 'lock' any files, although the Trojan does modify their names (by adding '.the VBRansom' extensions) and create a list of targeted data. Formats at risk for this version of the VBRansom Ransomware include DOC documents and some images, including JPG and PNG. In a 'release version' of the VBRansom Ransomware, the Trojan most likely will block the files by enciphering them with an algorithm, typically AES. The content then would be unreadable until you decrypt it, which requires both a decryptor app and the key that's in the threat actor's possession.

The VBRansom Ransomware also provides a pop-up message for how you can buy the decryption solution after accessing the Tor website-based ransoming infrastructure. Elements of note in this message include a short, twenty-four-hour time limit, and a threat that trying to terminate the VBRansom Ransomware will cause your computer to become unable to boot. Malware experts have yet to verify whether current builds of the VBRansom Ransomware include the latter as a built-in function, which would make the Trojan semi-unique among file-encrypting threats.

A Basic Response to Basic File Problems

The VBRansom Ransomware is a Visual Basic-coded program that is currently distributed as a fake version of Adobe PDF-reading software. As a probable result of its limited attack functions, most anti-malware brands have difficulty identifying this Trojan accurately, and malware experts strongly encourage you to update your security solutions, when possible, to keep them abreast of new threats. The VBRansom Ransomware may circulate via spam e-mails, torrents, or other methods that exploit safety oversights in normal Web-surfing behavior.

Since the VBRansom Ransomware doesn't encrypt any of your files, you can use anti-malware products to remove the VBRansom Ransomware safely and then correct the extensions of the targeted data as appropriate. Readers should note that a changed extension does not convert a file's internal data to another format, and that keeping file extensions visible by default provides valuable information for determining the data type of saved content.
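The extension cleanup described above, as an added Python example that is not part of the original article: it strips the appended extension only when a file's leading bytes still match the type its original name implies (DOC, JPG, PNG), and lists everything else for manual review. The appended extension is passed in as an argument, and the function names and signature table are this example's own.

```python
import sys
from pathlib import Path

# Leading "magic" bytes of the formats the article lists as targeted.
MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 container (legacy Word)
}

def plan_restore(root, appended_ext):
    """Split renamed files into (safe renames, files needing manual review)."""
    ext = appended_ext.lower()
    renames, review = [], []
    for path in sorted(Path(root).rglob("*")):
        name = path.name
        if (not ext or not path.is_file() or len(name) <= len(ext)
                or not name.lower().endswith(ext)):
            continue
        original = path.with_name(name[: -len(ext)])
        magic = MAGIC.get(original.suffix.lower())
        with path.open("rb") as fh:
            head = fh.read(8)
        # Rename only if the content still matches the original extension
        # and the rename would not overwrite an existing file.
        if magic and head.startswith(magic) and not original.exists():
            renames.append((path, original))
        else:
            review.append(path)
    return renames, review

def restore(root, appended_ext, apply=False):
    """Dry run by default; with apply=True perform the planned renames."""
    renames, review = plan_restore(root, appended_ext)
    if apply:
        for src, dst in renames:
            src.rename(dst)
    return renames, review

if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: restore_names.py <folder> <appended-extension> [--apply]")
    done, review = restore(sys.argv[1], sys.argv[2], "--apply" in sys.argv[3:])
    for src, dst in done:
        print(f"{src} -> {dst}")
    for path in review:
        print(f"REVIEW (content does not match name): {path}")
```

Run it only after the Trojan itself has been removed; without `--apply` it reports what it would rename and changes nothing.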

Trojans caught while being built can be difficult to pin down to a set level of danger, but, if one is to believe the VBRansom Ransomware's extortion messages, its author intends to have a profitable future of stopping casual PC owners from accessing both their files and even the rest of their machines.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: file.exe
Size: 10.69 MB (10692608 bytes)
MD5: ccc270c610aef28fea4e151db2f310c0
Detection count: 8
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: January 18, 2017