
VegaLocker Ransomware

Posted: February 18, 2019

The VegaLocker Ransomware is an update of the 'sprosinas@cock.li' Ransomware, a Russian file-locker Trojan that can prevent you from opening your digital media, including documents, pictures and other formats. Besides these attacks and their complementary ransoming demands, the VegaLocker Ransomware also creates fake Windows alerts. Users should ignore the warning messages and directions, have their anti-malware tools uninstall the VegaLocker Ransomware, and restore from their last backup.

Basic Observations of One Trojan's Debugging

The first appearance of the 'sprosinas@cock.li' Ransomware was one of the few examples that malware researchers have of a compromise of Comodo digital certificates, which greatly assist the threat in disguising itself. However, its author's work is seemingly far from done, and a new edition of the Trojan is in threat databases. The new version, the VegaLocker Ransomware, oddly omits the certificate, possibly temporarily, while its author tweaks other portions of the payload.

The VegaLocker Ransomware's most tangible change is the correction of a small bug that prevented it from loading a pop-up. This window mimics an error code-based warning message from the operating system. Like the other parts of the Trojan's payload, this component uses Russian text and is illegible on systems without the appropriate character set. The other portions of the VegaLocker Ransomware's behavior appear the same as in the earlier build of the 'sprosinas@cock.li' Ransomware, which is a version number behind the VegaLocker Ransomware.

The VegaLocker Ransomware's more important functions, however, are the ones that it shares with its ancestor: locking files with encryption and delivering ransom demands at the end of the process. It locks files, such as documents and other formats, with an algorithm that malware experts have yet to analyze for any decryption possibilities. Unlike most Trojans of this type, the VegaLocker Ransomware doesn't add an extension or any other filename-based change to what it takes hostage. It does, however, drop a Russian ransoming message with a potentially useful 'free sample' offer.
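Because this family leaves filenames untouched, a defender cannot spot locked files by looking for a new extension; the content itself has to be inspected. The following is an added example written for this page (it is not the Trojan's code, not from the original article, and not any vendor's detection logic) showing a content-based triage heuristic: a file whose extension promises a known format but whose header no longer carries that format's signature, or an unstructured file whose byte distribution looks like ciphertext, is flagged. The magic-byte table, the 7.5 bits/byte entropy threshold and the sample files are all constructed assumptions for illustration; a locker that preserved headers or encrypted only part of each file would not trigger the header check, so this is a triage aid, not a substitute for backups or anti-malware scanning.

```python
import hashlib
import math
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Leading bytes expected for a few common document formats.
# Assumption: a small illustrative table, not an exhaustive signature database.
MAGIC = {
    ".pdf": b"%PDF",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".png": b"\x89PNG",
    ".jpg": b"\xff\xd8\xff",
}

# Assumption: above this many bits per byte an unstructured file (text, CSV, ...)
# looks more like ciphertext than like anything a user would write.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


@dataclass
class Finding:
    name: str
    reason: str
    entropy: float


def inspect_file(name: str, data: bytes) -> Optional[Finding]:
    """Return a Finding if the content no longer matches what the name suggests."""
    ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
    ent = shannon_entropy(data)
    expected = MAGIC.get(ext)
    if expected is not None:
        # Whole-file encryption destroys the format signature at offset 0.
        if data.startswith(expected):
            return None
        return Finding(name, f"header does not match the {ext} signature", ent)
    # No signature to check: fall back to the byte distribution.
    if ent > ENTROPY_THRESHOLD:
        return Finding(name, "high entropy for an unstructured format", ent)
    return None


def scan(files: Dict[str, bytes]) -> List[Finding]:
    """Run inspect_file over a name -> content mapping and keep the hits."""
    return [f for f in (inspect_file(n, d) for n, d in files.items()) if f]


def pseudo_ciphertext(seed: bytes, length: int) -> bytes:
    """Deterministic stand-in for a locked file (constructed sample, not real output
    of the Trojan): a SHA-256 counter stream is uniform enough to mimic ciphertext."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


# Constructed sample corpus: two intact files and two "locked" ones that kept
# their original names, mirroring the no-extension-change behaviour described above.
SAMPLES = {
    "report.pdf": b"%PDF-1.4\n" + b"Quarterly figures, page text. " * 120,
    "notes.txt": b"Meeting notes: review backups weekly.\n" * 60,
    "budget.xlsx": pseudo_ciphertext(b"locked-1", 4096),  # signature overwritten
    "memo.txt": pseudo_ciphertext(b"locked-2", 4096),     # no signature to lose, so entropy decides
}

if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print(f"{finding.name}: {finding.reason} (entropy {finding.entropy:.2f} bits/byte)")
```

Running the block reports `budget.xlsx` for the signature mismatch and `memo.txt` for its entropy, while the two intact samples stay silent. In practice the same two checks would be run over a snapshot of user document directories and compared with the previous snapshot, so that a sudden jump in flagged files, with no renames to explain it, becomes the alert.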

Jamming Up a Trojan's Releases

The VegaLocker Ransomware is delivering its ransoming directions to what its author anticipates will be Russian victims, but its encryption could harm media on Windows PCs in other locations, as well. The absence of sample information relating to its infection strategies means that the VegaLocker Ransomware could compromise a system through any of numerous exploits, but spam e-mails, illicit downloading links, and brute-force attacks are likely choices. Non-Windows users should be safe from the VegaLocker Ransomware, although they remain at risk from other file-locker Trojans, like the KeRanger Ransomware.

Besides carefully scanning files with appropriate security software before opening them, users can back their work up to other drives and devices to protect it from encryption-oriented attacks. Features such as JavaScript, Flash, Java, and Word's macros are possible vehicles for infection if users leave them active while interacting with unsafe sites or documents. Most anti-malware products are unaffected by the removal of the Comodo-related content and can detect and delete the VegaLocker Ransomware just as readily as before.

The updating of the VegaLocker Ransomware is nothing but bad news, whether you're living in Russia or another country. When Trojans pretend that they're part of Windows, knowing the difference between a legitimate and a fake warning message is everyone's priority.
