
VMola Ransomware

Posted: May 24, 2017

Threat Metric

Ranking: 11,707
Threat Level: 2/10
Infected PCs: 3,202
First Seen: May 24, 2017
Last Seen: October 6, 2023
OS(es) Affected: Windows

The VMola Ransomware is a Trojan that uses a third-party website's encryption service to lock your files and displays ransom messages asking for payment to unlock them. While free decryption solutions to this Trojan's attacks are unlikely, you can still protect your files by backing them up to another drive before an infection takes place. For users on compatible systems, anti-malware products can also provide increased protection by deleting the VMola Ransomware during any effort to compromise your PC.

The Trojan Replacing Its Payload with Help from a Website

Although it doesn't take years of programming experience to develop an application that's capable of using simple, file-encrypting features, some con artists still find the minimal effort to be excessive. For them, Trojans like the VMola Ransomware offer an expedient way to leverage attacks, particularly ones that aren't of their creation. This Trojan, newly identified by malware analysts, 'farms out' its encryption feature to the Vmola.com website.

This domain offers free data-encoding services to all visitors, theoretically supporting an enormous range of ciphers, including the popular AES-256 in Cipher Block Chaining mode. Besides using this site to lock the files of a compromised PC, the VMola Ransomware also takes advantage of the site's renaming feature to encode the filenames in Base64, and appends a '(Encrypted_By_VMola.com)' tag just before the extension. While malware experts don't see it in use right now, the VMola Ransomware could also use the site's default features for removing any extension tags.
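The renaming scheme described above gives responders a cheap way to scope an incident and map locked files back to their original names. The following triage sketch is an added example, not code from the original write-up: it assumes the layout `<Base64 of original name><tag><extension>`, the function names are hypothetical, and the sample paths are constructed.

```python
import base64
from pathlib import PureWindowsPath

MARKER = "(Encrypted_By_VMola.com)"  # tag quoted in the write-up above


def decode_stem(encoded):
    """Decode a Base64 stem; tolerate URL-safe alphabet and stripped padding."""
    normalized = encoded.replace("-", "+").replace("_", "/")
    normalized += "=" * (-len(normalized) % 4)
    try:
        text = base64.b64decode(normalized, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text and text.isprintable() else None


def recover_name(path):
    """Return (is_tagged, probable_original_name_or_None) for one path."""
    name = PureWindowsPath(path).name
    idx = name.rfind(MARKER)
    if idx == -1:
        return False, None
    encoded, ext = name[:idx], name[idx + len(MARKER):]
    decoded = decode_stem(encoded)
    if decoded is None:
        return True, None  # tagged, but the stem is not valid Base64 text
    # Assumption: Base64 covers the stem only; cope if it covered the full name.
    if ext and decoded.lower().endswith(ext.lower()):
        return True, decoded
    return True, decoded + ext


def triage(paths):
    """Map each tagged path to its recovered name (None if undecodable)."""
    return {p: orig for p in paths for tagged, orig in [recover_name(p)] if tagged}


# Constructed sample listing, not taken from a real infection.
SAMPLE = [
    r"C:\Users\a\Documents\cmVwb3J0(Encrypted_By_VMola.com).docx",
    r"C:\Users\a\Pictures\aG9saWRheQ(Encrypted_By_VMola.com).jpg",
    r"C:\Users\a\Documents\notes.txt",
    r"C:\Users\a\Documents\!!!(Encrypted_By_VMola.com).pdf",
]

if __name__ == "__main__":
    for path, original in triage(SAMPLE).items():
        print(f"{path} -> {original or '<name not recoverable>'}")
```

This recovers names only; the file contents remain encrypted and still have to be restored from backup.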

The Trojan follows its locking of files such as documents and pictures with a newly-generated, RTF text file. The file provides the victim almost no information, except for an encryption alert and a ransom demand for 0.1 Bitcoins (equaling 235 USD at current rates) to transfer to a wallet address.

Keeping Your Fractions of Cryptocurrency to Yourself

In comparison to the ransoms of file-enciphering Trojans that often attack servers in the business sector, the VMola Ransomware gives its victims a highly 'affordable' fee for unlocking their files. However, a small fee doesn't equate to trustworthiness on the part of the Trojan's threat actors, who can safely take the Bitcoins without needing to worry about a refund, even if they don't give you any decryption service. The range of encryption possibilities the VMola Ransomware may use through Vmola.com forces malware experts to continue recommending backups as the best solution for saving your data, especially if you store those copies on another server or device.

Infection methods that malware experts regularly see with file-encoding Trojans include website exploit kits that abuse in-browser scripts, document macros and spam e-mails. Many of these infection vectors are preventable by using secure Web-browsing settings, as well as scanning new files with appropriate security tools. Anti-malware products of respectable pedigree should be able to remove the VMola Ransomware, but decryption is significantly less certain than disinfection.

In spite of now being embraced by threat creators, Vmola.com isn't necessarily a website with only unsafe services. Encryption, like a sword, is double-edged and must be respected for both its potential benefits, as well as its capacity for harm when wielded by Trojans like the VMola Ransomware.
