
VevoLocker Ransomware

Posted: April 30, 2018

The VevoLocker Ransomware is a file-locker Trojan that specializes in blocking content associated with Web servers. Server admins can protect their domains by using strong passwords, disabling RDP features, and ensuring that all associated software is kept up-to-date. There is no currently-available, free decryptor for this threat, although having your anti-malware programs block or delete the VevoLocker Ransomware can eliminate any future loss of server data.

European Servers under Attack from New Sources

Trojans built independently from any known family, like Hidden Tear or the Globe Ransomware, are circulating throughout Europe, with attacks targeting Web server admins in particular. Many of the infection vectors exploit a notable vulnerability in the Drupal content-management framework, along with the traditional abuse of RDP features. Significant victims that malware analysts can corroborate include Ukraine's Ministry of Energy and multiple servers in Denmark, all of which had their Web pages taken hostage by the VevoLocker Ransomware.

The VevoLocker Ransomware, like similar file-locker Trojans, is holding digital content hostage until the victim pays Bitcoins. However, its threat actors are configuring the VevoLocker Ransomware for attacking Web server-based content, specifically, which includes HTM and HTML pages, Cascading Style Sheets, PHP scripts, and JavaScript. The attack, effectively, locks down the server's website. Many variants of the VevoLocker Ransomware replace the Web pages with customized ransoming messages asking for 0.01 Bitcoins (ninety USD) for delivering the file-restoring decryption service.
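Because the attack rewrites or encrypts a server's HTM, HTML, CSS, PHP and JavaScript files in bulk, one practical early-warning check is a hash baseline of exactly those file types, re-checked on a schedule. The script below is an added example, not code from the article or from any vendor; the web root, the file contents and the ransom-note text are all constructed for the demonstration.

```python
"""Flag the mass rewrite of Web-content files that a VevoLocker-style attack causes."""
import hashlib
import tempfile
from pathlib import Path

# File types the article names as the Trojan's targets.
WEB_EXTENSIONS = {".htm", ".html", ".css", ".php", ".js"}


def hash_web_files(root):
    """Return {relative_path: sha256_hex} for every Web-content file under root."""
    digests = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in WEB_EXTENSIONS:
            digests[str(path.relative_to(root))] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare_baseline(baseline, current, alert_ratio=0.5):
    """Report changed, missing and new files; raise the mass_rewrite flag when a large
    share of the baseline changed or vanished at once (normal deployments touch few files)."""
    changed = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    missing = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    affected = len(changed) + len(missing)
    mass_rewrite = affected / max(len(baseline), 1) >= alert_ratio
    return {"changed": changed, "missing": missing, "added": added, "mass_rewrite": mass_rewrite}


def demo():
    """Constructed web root: baseline three Web files, then simulate a ransom-note rewrite."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in [("index.html", "<h1>Welcome</h1>"), ("site.css", "body{}"),
                           ("app.js", "console.log(1)"), ("notes.txt", "not a Web file")]:
            Path(root, name).write_text(body)
        baseline = hash_web_files(root)
        # Constructed note text, not the real VevoLocker message.
        Path(root, "index.html").write_text("<h1>Your files are encrypted. Pay 0.01 BTC.</h1>")
        Path(root, "app.js").unlink()  # an encrypted original typically disappears or is renamed
        return compare_baseline(baseline, hash_web_files(root))


if __name__ == "__main__":
    print(demo())
```

Store the baseline off the server (the article's own advice about backups applies to it too), since a note rewritten onto every page is only useful as a signal if the reference hashes were not rewritten with it.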

Malware analysts also are observing significant variation in how the VevoLocker Ransomware delivers its associated extortion content, including e-mail and various social messaging services, such as Facebook. The flexibility of the extortionist communications implies that the VevoLocker Ransomware is deploying itself under Ransomware-as-a-Service or 'RaaS' style management.

How to Get Locked out of Your Servers

Many of the infection strategies the VevoLocker Ransomware uses include specific techniques against Drupal-based systems, such as the remote code execution flaws of Drupalgeddon2 and CVE-2018-7602. Patching your CMS software can decrease the number of vulnerabilities that the con artists can use for attacking your server. Malware analysts also encourage using conservative settings for Remote Desktop features, which otherwise could help remote attackers take over a server and install arbitrary software.

So far, the VevoLocker Ransomware limits its attacks to formats associated with maintaining Web content, although similar file-locking threats are known for locking files of almost all widely-used types of data. Although the VevoLocker Ransomware's ransom is cheap by the standards of its Black Hat industry, victims who pay may not receive any form of decryption assistance for restoring their domains. Users should delegate uninstalling the VevoLocker Ransomware to an appropriate anti-malware application and recover any files from the latest, non-encrypted backup.

As another wave of file-locking tactics sweeps through Europe and Asia, thanks to the VevoLocker Ransomware, all Web admins have more reasons than ever for keeping their domains safe from remote attackers. The cost of forgetting your backups, using bad passwords, and not updating an open-source CMS program is measurable in both Bitcoins and lost data.
