
VHD Ransomware

Posted: March 24, 2020

The VHD Ransomware is a file-locking Trojan with no known family ties, although its ransom message resembles those of several similar threats in circulation. The VHD Ransomware endangers your files by blocking them with encryption that may not be reversible, alongside the related symptoms and attacks described below. A safely segregated backup is critical for dependable recovery, although most anti-malware programs should have little trouble blocking or removing the VHD Ransomware.

More than Just a Virtual Computer Problem

A file-locking Trojan that belongs to none of the known Ransomware-as-a-Service (RaaS) operations or freely available code bases is in the wild and extorting victims on Windows PCs. The messages it leaves aren't very different from those of the Scarab Ransomware, the Globe Ransomware and other RaaS families. Still, the VHD Ransomware uses a different encryption implementation behind its imitative presentation. For now, the most apparent symptom that sets the VHD Ransomware apart from any competing Trojan is nothing more than the extension it chooses to use.

The VHD Ransomware's extension is the marker it appends to filenames to show victims which content it has encrypted and blocked (for instance, 'picture.jpg' becomes 'picture.jpg.VHD'). Its ransom note, a text file, gives no reasoning behind the acronym, although malware analysts speculate that it could stand for 'virtual hard drive,' after Microsoft's virtual hard disk image format. As usual, the resemblance between the blocked files and that data type is only superficial. No data conversion takes place beyond the encryption, which keeps the media from opening regardless of what their extensions display.
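Because the appended '.VHD' tag makes blocked files look like virtual disk images, an incident responder sorting through a hit machine needs a quick way to tell genuine VHD images from renamed ciphertext. The following Python triage helper is an added example, not code from the article or from the Trojan's authors. It relies on one documented fact about Microsoft's VHD format (a fixed or dynamic VHD ends with a 512-byte footer whose first eight bytes are the cookie 'conectix', mirrored at offset 0 for dynamic disks), and on a chosen heuristic: a body whose Shannon entropy is above 7.5 bits per byte and that carries no VHD structure is treated as likely encrypted. The sample files are constructed in the script; the threshold, the verdict labels and the function names are the example's own choices.

```python
"""Triage files carrying the '.VHD' tag: real VHD image, renamed ciphertext, or neither.
Added example; the 'conectix' cookie is the documented VHD footer signature, the
7.5-bit entropy threshold and verdict labels are this example's assumptions."""
import hashlib
import math
from collections import Counter
from pathlib import Path

VHD_COOKIE = b"conectix"  # first 8 bytes of the VHD footer (and header copy on dynamic disks)
FOOTER_SIZE = 512         # the VHD footer is always the last 512 bytes of a genuine image
RANSOM_TAG = ".VHD"       # the extension the Trojan appends, per the article
ENTROPY_THRESHOLD = 7.5   # heuristic: ciphertext sits close to 8.0 bits per byte


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of `data`; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_real_vhd(head: bytes, tail: bytes) -> bool:
    """A genuine VHD has the cookie at the start of its trailing 512-byte footer
    (dynamic disks also mirror that footer at offset 0)."""
    if len(tail) != FOOTER_SIZE:
        return False  # too small to hold a footer at all
    return tail.startswith(VHD_COOKIE) or head.startswith(VHD_COOKIE)


def original_name(name: str) -> str:
    """'picture.jpg.VHD' -> 'picture.jpg'; names without the tag are returned unchanged."""
    if name.lower().endswith(RANSOM_TAG.lower()):
        return name[: -len(RANSOM_TAG)]
    return name


def classify(head: bytes, tail: bytes) -> str:
    """Return 'real-vhd', 'likely-encrypted' or 'not-vhd' for one file's head/tail bytes."""
    if is_real_vhd(head, tail):
        return "real-vhd"
    # The file-locker keeps the original name, replaces the body with ciphertext
    # and appends the tag: high entropy with no VHD structure is the telltale.
    if shannon_entropy(head[:4096]) > ENTROPY_THRESHOLD:
        return "likely-encrypted"
    return "not-vhd"


def scan_tree(root: str) -> dict:
    """Walk `root`, classify every *.VHD file, and map path -> verdict.
    Reads only the first 4 KiB and the last 512 bytes so large images are cheap."""
    results = {}
    for p in Path(root).rglob("*"):
        if not (p.is_file() and p.name.lower().endswith(RANSOM_TAG.lower())):
            continue
        with p.open("rb") as fh:
            head = fh.read(4096)
            fh.seek(0, 2)
            size = fh.tell()
            fh.seek(max(0, size - FOOTER_SIZE))
            tail = fh.read(FOOTER_SIZE)
        results[str(p)] = classify(head, tail)
    return results


def _pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy filler standing in for ciphertext (constructed sample)."""
    out, block = bytearray(), b"seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed samples, not files recovered from a real infection.
SAMPLES = {
    "disk.VHD": b"\x00" * 2048 + VHD_COOKIE + b"\x00" * (FOOTER_SIZE - 8),  # genuine fixed VHD footer
    "picture.jpg.VHD": _pseudo_random(8192),                                # ciphertext body, tag appended
    "notes.txt.VHD": b"lorem ipsum " * 400,                                  # plain text, merely renamed
}


def triage_samples() -> dict:
    """Classify the constructed samples the same way scan_tree() classifies files on disk."""
    return {name: classify(data[:4096], data[-FOOTER_SIZE:]) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in triage_samples().items():
        print(f"{name:18s} {verdict:17s} original={original_name(name)}")
```

Run against a directory with `scan_tree(r"D:\")` to produce an inventory of which files still need restoring from backup; `original_name()` recovers the pre-attack filename so the list can be matched against the backup set. A real VHD image that the Trojan has encrypted would lose its footer and fall into 'likely-encrypted' as well, which is the desired outcome for recovery planning.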

Malware researchers have only found versions of the VHD Ransomware targeting Windows, and the Trojan shows the usual compatibility with modern builds such as Windows 7 and 10. Although a comprehensive list of the formats it affects isn't available, readers can expect the VHD Ransomware to block documents, pictures, archives, music and other recreational or work-related media, but not the essential operating system files.

Pushing Independent Businessmen Out of a Trojan Black Market

The VHD Ransomware includes the traditional feature of deleting the Shadow Volume Copies, which prevents users from recovering through Windows Restore Points. Such a supplementary attack is one that users can expect from most file-locking Trojans, including the similarly independent SepSys Ransomware and Prometey Ransomware, and the vast Hidden Tear and Crysis Ransomware families. Additionally, the Trojan may scan network shares for backups it can encrypt, which is why secure backup storage is crucial for guaranteeing any restoration of blocked content.
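Shadow-copy deletion is one of the few ransomware behaviours that is both nearly universal and loud in process-creation telemetry, so it is worth detecting on its own. The article does not say which mechanism the VHD Ransomware uses; the Python detector below is an added example (not the article's or the Trojan's code) that matches the command lines file-lockers commonly use for this purpose (vssadmin, wmic, wbadmin, the Win32_ShadowCopy WMI class from PowerShell, and bcdedit disabling recovery) over constructed process-creation records of the kind Sysmon Event ID 1 or Security Event 4688 with command-line auditing would provide. The record field names, the severity rule based on where the parent process lives, and the sample events are this example's assumptions.

```python
"""Detect shadow-copy and recovery tampering in process-creation events.
Added example: rule patterns cover the commonly abused commands; field names,
severity logic and sample records are constructed, not taken from the article."""
import re

# Each rule: (name, regex over the command line). First match wins per event.
SHADOW_COPY_TAMPERING = [
    ("vssadmin-delete", re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("vssadmin-resize", re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\s+shadowstorage\b", re.I)),
    ("wmic-shadowcopy", re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("wbadmin-catalog", re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+(catalog|systemstatebackup)\b", re.I)),
    ("powershell-win32_shadowcopy", re.compile(r"Win32_ShadowCopy\b.*\bDelete\b", re.I)),
    ("bcdedit-recovery-off", re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
]

# A parent executing from a user-writable location is the usual ransomware pattern;
# an administrator running vssadmin from an elevated shell in System32 is less alarming.
USER_WRITABLE_PARENT = re.compile(
    r"\\(AppData\\Local\\Temp|Downloads|ProgramData|Users\\Public)\\", re.I
)


def severity_for(parent_image: str) -> str:
    """'high' when the parent lives in a user-writable path, otherwise 'medium'."""
    return "high" if USER_WRITABLE_PARENT.search(parent_image) else "medium"


def match_rule(command_line: str):
    """Return the first matching rule name, or None for a benign command line."""
    for name, pattern in SHADOW_COPY_TAMPERING:
        if pattern.search(command_line):
            return name
    return None


def detect_shadow_copy_tampering(events) -> list:
    """Scan process-creation records and return one alert dict per matching event.
    Expected record keys (assumed): 'ts', 'image', 'parent_image', 'command_line'."""
    alerts = []
    for ev in events:
        rule = match_rule(ev.get("command_line", ""))
        if rule is None:
            continue
        alerts.append({
            "ts": ev.get("ts"),
            "rule": rule,
            "severity": severity_for(ev.get("parent_image", "")),
            "parent_image": ev.get("parent_image"),
            "command_line": ev.get("command_line"),
        })
    return alerts


# Constructed sample telemetry (not from a real incident).
SAMPLE_EVENTS = [
    {"ts": "2020-03-24T09:14:02Z", "image": r"C:\Windows\System32\vssadmin.exe",
     "parent_image": r"C:\Users\victim\AppData\Local\Temp\payload.exe",
     "command_line": "vssadmin.exe delete shadows /all /quiet"},
    {"ts": "2020-03-24T09:14:03Z", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "parent_image": r"C:\Users\victim\AppData\Local\Temp\payload.exe",
     "command_line": "wmic shadowcopy delete"},
    {"ts": "2020-03-24T10:02:11Z", "image": r"C:\Windows\System32\vssadmin.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": "vssadmin list shadows"},  # benign: read-only listing
    {"ts": "2020-03-24T10:05:40Z", "image": r"C:\Windows\System32\wbadmin.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": r'"C:\Windows\System32\wbadmin.exe" delete catalog -quiet'},
    {"ts": "2020-03-24T10:06:01Z", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Users\victim\Downloads\invoice.exe",
     "command_line": 'powershell -nop -w hidden -c "Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete()}"'},
    {"ts": "2020-03-24T10:07:15Z", "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "notepad.exe readme.txt"},  # benign
]


def run_on_samples() -> list:
    """Convenience wrapper: the detector applied to the constructed sample events."""
    return detect_shadow_copy_tampering(SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in run_on_samples():
        print(f"[{alert['severity']:6s}] {alert['rule']:28s} {alert['command_line']}")
```

The rules deliberately match on verbs rather than on the bare binary name: `vssadmin list shadows` from an administrator's shell must not page anyone. Feed the detector your own exported process-creation events by mapping their fields onto the assumed keys, and treat 'high' alerts (tampering launched from Temp or Downloads) as a cue to isolate the host before the encryption pass finishes.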

Although the VHD Ransomware's campaign is in the early stages of its circulation, users are most likely to expose themselves through the well-known infection vectors that many Trojans of this classification share. E-mail is noteworthy, both for fraudulent attachments and for Web links. Nonetheless, spam e-mails and spear-phishing aren't the exclusive means of infection for file-locking Trojans, which also may abuse torrents, malvertising and a variety of Exploit Kits.

Windows users are under a near-continuous barrage of encryption-based attacks, thanks in large part to their failure to follow basic browser security practices and backup recommendations. Anyone taken in by the VHD Ransomware's Bitcoin-hungry extortion has to ask whether they aren't, in some small way, partially to blame for this problem's continuing existence.
