
Versiegelt Ransomware

Posted: November 2, 2016

Threat Metric

Threat Level: 8/10
Infected PCs: 5
First Seen: November 2, 2016
Last Seen: April 14, 2022
OS(es) Affected: Windows

The Versiegelt Ransomware is a Trojan that encrypts and renames your files so that it can extort a ransom payment. Backups can help PC owners keep their data from being damaged by threats of this classification and offer more reliable recovery options than paying an extortionist's ransom fee. You can also protect your PC by keeping anti-malware software active so that it can remove the Versiegelt Ransomware before it scans and encrypts your files, an attack that may not display any symptoms.

A Fresh Trojan's Stamp Sealing Your Belongings

When it comes to taking money under duress, one of the easiest strategies threat authors have is to threaten the contents of an already-compromised PC. For this reason, along with the help of third-party threat actors offering toolkits and administration panels, malware researchers see new threats like the Versiegelt Ransomware appearing daily. This Trojan targets German-speaking PC users with its ransom messages, although others are conducting equally-recent campaigns against English speakers, Russians and even residents of Bangladesh.

The Versiegelt Ransomware uses AES encryption to encipher your files' data, stopping them from opening. As is common to most file-encrypting Trojans, the Versiegelt Ransomware also uses an extension customized for its campaign ('.Versiegelt') to help its victims identify the encoded data. It also may rename the files by overwriting the original names with alphanumeric characters (such as turning 'flower.jpg' into '1.Versiegelt').
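
An added example, not taken from the original article or from any vendor tool: a triage inventory for the renaming behaviour described above. It lists '.Versiegelt' files under a folder and separates those whose original name was overwritten from those whose name survived, so a responder can scope a restore from backup. The function names, the constructed sample tree and the rule that a stem still containing a dot kept its original name are assumptions.

```python
import os
import tempfile
from collections import defaultdict

EXTENSION = ".versiegelt"  # extension named on this page, compared case-insensitively


def classify(filename):
    """Return None for unaffected files, else 'renamed' or 'name_kept'."""
    # Assumption (not from the page): a stem that still holds a dot, as in
    # 'report.docx.Versiegelt', kept its name; '1.Versiegelt' was overwritten.
    stem, ext = os.path.splitext(filename)
    if ext.lower() != EXTENSION:
        return None
    return "name_kept" if "." in stem else "renamed"


def inventory(root):
    """Map each directory under root to its affected files, by kind."""
    report = defaultdict(lambda: {"renamed": [], "name_kept": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            kind = classify(name)
            if kind:
                report[os.path.relpath(dirpath, root)][kind].append(name)
    return dict(report)


def restore_plan(report):
    """Folders to restore whole from backup: original names there are lost."""
    return sorted(d for d, kinds in report.items() if kinds["renamed"])


def build_sample_tree(root):
    """Constructed sample data: empty files only."""
    layout = {"Pictures": ["1.Versiegelt", "2.VERSIEGELT", "holiday.png"],
              "Documents": ["report.docx.Versiegelt", "notes.txt"]}
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = inventory(tmp)
        print(found)
        print("restore whole folder:", restore_plan(found))
```

Folders reported by restore_plan hold files whose names no longer identify the original, so they are restored as a whole from a non-compromised backup instead of file by file.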

The Versiegelt Ransomware's profits come from the advanced HTML pop-up message it launches after encoding the PC's contents. Through this pop-up, the Trojan asks for a payment of 100 Euros in Bitcoins for providing data recovery, with the transaction handled through a built-in Web UI. The use of Bitcoin helps guarantee the anonymity of the transaction and stops victims from retrieving their money in cases where the con artist goes back on his word.

Cracking the Seal of Another Threat Campaign

The Versiegelt Ransomware campaign's pop-up window employs a format malware experts see in other campaigns, most famously, the file-deleting Jigsaw Ransomware. However, the Versiegelt Ransomware shows no capacity for erasing content based on an expiring timer, and malware experts can't confirm any significant links between the Versiegelt Ransomware and similar threats. While there may be no rush to delete the Versiegelt Ransomware to avoid other consequences, the presence of non-compromised backups may be a necessity for achieving recovery without paying the ransom demand.

Although its German name translates to 'sealed,' the Versiegelt Ransomware offers a far more robust form of message-locking technology than wax or glue. Because of the absence of a free decryption tool for the Versiegelt Ransomware, PC owners without protection from this threat's installation exploits may be incapable of recovering the encrypted data. However, standard anti-malware programs can remove the Versiegelt Ransomware beforehand.

The Versiegelt Ransomware is another case of a linguistically-customized threat that represents a security hazard to PC owners in particular nations. PC owners in Germany, or regions speaking the German language, should consider the possibility of infection vectors 'dressing up' for their locales, up to tailoring the business references of any spam email.
