
VuLiCaPs Ransomware

Posted: September 16, 2020

The VuLiCaPs Ransomware is a file-locking Trojan from the Xorist Ransomware family, whose name refers to the encryption method it uses for blocking files. Appropriately secure backups will nullify most issues from infections, such as losing access to one's digital media. Compatible anti-malware services for Windows environments will also identify and remove the VuLiCaPs Ransomware in nearly all cases.

A Poisoned Dose of TEA (or XOR) for All Your Files

The Xorist Ransomware family is not nearly as visibly expansionist as most Trojan families that share its motives and methods, but it is no less threatening for its lower profile. As new versions like the VuLiCaPs Ransomware join long-established relatives like the GlUTe Ransomware, the Repair_data@cryptmail.com Ransomware, the YaKo Ransomware, and the ZaCaPa Ransomware, their campaigns continually reaffirm the need for backups as an anti-ransoming measure. Fortunately, according to conclusions that malware experts draw from its cryptocurrency transactions, the VuLiCaPs Ransomware has yet to make any money from its attacks.

The VuLiCaPs Ransomware's origin in a free Trojan-building utility makes its threat actor's identity a highly speculative subject. Malware experts can't confirm attacks focusing on any particular region or demographic. The Windows Trojan can block most files on the user's PC (excepting, as always, OS-critical ones) with either TEA or XOR encryption, at the attacker's choice. The added 'VuLiCaPs' extension, specific to this campaign, offers victims a way of identifying the hostage media without having to try opening each file in turn.

The Trojan uses an English-language text note for its ransom demands, which aren't inconsiderable. A conversion from Bitcoin prices the threat actor's unlocking help at just over one thousand USD. The Trojan's wallet, while not unused, has no transactions that strictly match such a payment, for now. Malware experts highly recommend keeping the Trojan's campaign unprofitable, which limits the chances of the Trojan's future distribution to more victims.

Removing the Bite of Ransoms from a Taste of Trojans

Users can consider copying any encrypted files and testing these duplicates with freeware decryptors, such as the tool available through Kaspersky. Still, malware experts recommend against presuming that decryption is possible, since this assumption stakes one's files and data on an attack that even modest programming skills can make inherently secure. Windows users should take care to back their work up to other devices when possible, such as Web-based cloud storage or removable USBs, DVDs, etc.
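The copy-before-testing step described above, as an added example that is not part of the original page: it stages duplicates of files carrying the campaign's extension and records a SHA-256 of each original so you can confirm the originals were never modified while a decryptor works on the copies. The function names are hypothetical, and it assumes the 'VuLiCaPs' extension is the file's final suffix, matched case-insensitively.

```python
import hashlib
import shutil
import sys
from pathlib import Path

EXT = ".vulicaps"  # extension named on the page; lower-cased for matching (assumption)

def sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def stage_copies(root: Path, staging: Path) -> dict[str, str]:
    """Copy every file under root whose final suffix is EXT into staging,
    keeping relative paths. Returns {relative path: sha256 of the original}."""
    root, staging = root.resolve(), staging.resolve()
    manifest = {}
    for src in sorted(root.rglob("*")):
        # Skip the staging area itself, symlinks, and anything that is not a file.
        if staging in src.parents or src.is_symlink() or not src.is_file():
            continue
        if src.suffix.lower() != EXT:
            continue
        rel = src.relative_to(root)
        dst = staging / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        digest = sha256(src)
        shutil.copy2(src, dst)
        if sha256(dst) != digest:  # verify the duplicate before trusting it
            raise IOError(f"copy mismatch: {rel}")
        manifest[rel.as_posix()] = digest
    return manifest

def originals_changed(root: Path, manifest: dict[str, str]) -> list[str]:
    """Return relative paths whose original is missing or no longer matches."""
    return [rel for rel, digest in manifest.items()
            if not (root / rel).is_file() or sha256(root / rel) != digest]

if __name__ == "__main__" and len(sys.argv) == 3:
    found = stage_copies(Path(sys.argv[1]), Path(sys.argv[2]))
    print(f"staged {len(found)} file(s); run decryptors against the staging copy only")
```

Run any decryptor against the staging directory, then call `originals_changed` with the saved manifest to confirm the source files are byte-for-byte intact.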

Current analyses of the VuLiCaPs Ransomware suggest that it uses some UPX packing for hiding itself but that this alone is ineffectual. Users can further harden their defenses against threats by rejecting illicit download resources, deactivating threatening features like Word macros or browser JavaScript, and scanning new files for threats. Password safety is also vital for businesses whose servers might contain ransom-appropriate data, and well-chosen login credentials will block nearly all dictionary-style hacks.

Since the obfuscation around its identity is minimal, many anti-malware programs will automatically flag this threat and delete the VuLiCaPs Ransomware without problems. Blocking an infection this way is the best chance of preventing any encryption, which traditional cyber-security products can't reverse directly.

The push-and-pull between 'free' Trojans like the VuLiCaPs Ransomware's Xorist Ransomware family and Ransomware-as-a-Service offerings continues. What's not in doubt is that both threats rely on victims paying, and alternatives to ransoms, like backups, will never lose their importance.