Video Ransomware

Posted: May 6, 2019

The Video Ransomware is a file-locking Trojan that blocks pictures, spreadsheets, documents and other media on your computer. Because it is a variant of the Dharma Ransomware branch of the Crysis Ransomware family, its encryption is secure, and most users should expect backups to be the only recovery option for their files that does not involve paying the ransom. However, anti-malware software may limit the damage of an attack, block an installation exploit or remove the Video Ransomware once it detects it.

Having Your Files Turned into a Black Video

File-locker Trojans, while not necessarily stable in terms of their cryptocurrency profits, maintain enough of a profit margin that threat actors continue using them by hiring preexisting Ransomware-as-a-Service kits like the Crysis Ransomware. Malware experts see no signs of the most prominent sub-group of that family, the Dharma Ransomware, abating any time soon, as all new releases derive directly from it. The Video Ransomware is a recent example among many near-identical siblings, which include 2019's LDPR Ransomware, 2018's Bizer Ransomware, 2017's Wallet Ransomware and the 'wisperado@india.com' Ransomware.

The Video Ransomware appends a 'video' extension to the filename of each file it blocks; its targets remain media content such as Word documents, Adobe PDFs, images, spreadsheets or archives. Besides the customized extension that gives the threat its name, the Video Ransomware encrypts each file's internal data with AES and protects the AES key by encrypting it with a secure RSA key. It then solicits ransoms for the only presently viable decryption service, which is in the criminal admin's hands.

Malware researchers advise disabling all network connections immediately as a precaution. Besides limiting the Video Ransomware's external communications, going offline keeps the Video Ransomware from encrypting or deleting other files on the local network. Any Shadow Volume Copy or System Restore information on the infected system is generally erased at the time of the file-locking attack.
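Once the machine is offline, a file listing can be sorted by the appended 'video' extension to see which folders and shares were hit and which media files are still intact. The script below is an added example, not code from this article or from any security vendor; the suffix list, the function names and the sample paths are assumptions constructed for illustration, and it also flags HTA files because the ransom pop-up uses that format.

```python
from collections import Counter
from pathlib import PureWindowsPath

MARKER = ".video"  # extension the article says is appended to locked files
# Suffixes for the file types the article names; the exact list is an assumption.
MEDIA = {".doc", ".docx", ".pdf", ".jpg", ".png", ".xls", ".xlsx", ".zip"}

def classify(path):
    """Return (state, original_type) for one path from a file listing."""
    suffixes = [s.lower() for s in PureWindowsPath(path).suffixes]
    last = suffixes[-1] if suffixes else ""
    if last == MARKER:
        # Extra name components before the marker are tolerated, not assumed.
        original = next((s for s in suffixes[:-1] if s in MEDIA), None)
        return "locked", original
    if last == ".hta":
        return "possible_note", None  # review by hand
    if last in MEDIA:
        return "intact", last
    return "other", None

def scope(paths):
    """Summarise a listing: locked files per folder and per original type."""
    report = {"locked_by_dir": Counter(), "locked_by_type": Counter(),
              "intact": [], "possible_notes": []}
    for p in paths:
        state, original = classify(p)
        if state == "locked":
            report["locked_by_dir"][str(PureWindowsPath(p).parent)] += 1
            report["locked_by_type"][original or "unknown"] += 1
        elif state == "intact":
            report["intact"].append(p)
        elif state == "possible_note":
            report["possible_notes"].append(p)
    return report

# Constructed sample listing, not taken from a real incident.
SAMPLE = [
    r"C:\Users\a\Docs\report.docx.video",
    r"C:\Users\a\Docs\budget.xlsx.tag1.video",
    r"C:\Users\a\Pics\cat.jpg",
    r"C:\Users\a\Desktop\notice.hta",
    r"D:\share\scan.pdf.video",
    r"C:\Users\a\Videos\clip.video",
]

if __name__ == "__main__":
    for key, value in scope(SAMPLE).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

The per-folder counts show which directories to restore from backup first, and the intact list shows what should be copied to safe storage before the system is cleaned.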

Fast Forwarding to the End of a Video Ransomware Campaign

The Video Ransomware operates under the same extortion-based business model as its many relatives, and delivers its demands for Bitcoin payment through Notepad TXT files and a pop-up in HTA format. Beyond keeping with the traditions of its family, such as anonymous e-mail boxes, deadlines and user-friendly links to cryptocurrency information, the Video Ransomware has little of note in its pop-up alert. Users should be aware at all times that a criminal can refuse to provide any decryption service without having to fear that the Bitcoin payment will be refunded.

Because Ransomware-as-a-Service puts each Trojan in the hands of third-party criminals, the distribution methods of any single Trojan in a family can vary unpredictably. However, networks with bad password choices are more vulnerable to the brute-force attacks that many threat actors prefer using. E-mail and fake downloads from adult websites or torrents are equally possible. Any system with anti-malware protection should delete the Video Ransomware safely and by default, although a criminal with a backdoor into the system can always disable security products first.

Although the Video Ransomware's style of encryption is all but impervious to outside decryption, a backup on any device that's safe from an attack is enough to defeat it. When the alternative is paying Bitcoins and praying, it seems clear that everyone should invest in some backup plan, if only to keep criminals from investing in their media.
