
Vurten Ransomware

Posted: April 4, 2018

The Vurten Ransomware is a Trojan that uses encryption to lock your files and stop them from opening. In addition to damaging your local data, the Vurten Ransomware also creates messages asking for Bitcoin payments for giving you its decryption solution. Malware experts recommend seeking other recovery options, when possible, along with having a dedicated anti-malware product isolate or delete the Vurten Ransomware from your computer.

Networks Held Hostage for Bags of Bitcoins

A new Trojan is targeting the data of business, government and NGO networks by using encryption as a hostage-taking mechanism. Although this style of attack against digital media isn't new, the Vurten Ransomware is confident enough in its methods to demand the equivalent of thousands of dollars of ransom money. Interestingly, although its notes are in English, malware experts note details of its components that suggest the Vurten Ransomware's threat actor is a non-native speaker of the language.

The Vurten Ransomware employs an as-yet-unidentified encryption method, such as combined AES and RSA, to lock various files on any PC that it infects. It may target documents, spreadsheets or other forms of databases, pictures, archives or Web pages, among other possibilities. Some variants of the Vurten Ransomware also may change the names of every encrypted file, such as converting 'flower.jpg' into '.flower.jpg.locked.' The user should expect no symptoms associated with this attack until after their files have already been converted into versions that no longer open.
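For defenders, the renaming behavior described above can serve as a detection signal. The following is an added example, not code from the original article or any vendor: it scans file-rename events for bursts matching the 'flower.jpg' to '.flower.jpg.locked' pattern on a single host. The event tuple layout, host names, threshold and time window are assumptions, the sample events are constructed, and the period that closes the article's quoted filename is treated as sentence punctuation.

```python
from collections import deque
from pathlib import PureWindowsPath

def is_locked_rename(old_path, new_path):
    """True if new_path is '.<original name>.locked' in the same folder as old_path."""
    old, new = PureWindowsPath(old_path), PureWindowsPath(new_path)
    return old.parent == new.parent and new.name == f".{old.name}.locked"

def find_rename_bursts(events, threshold=3, window=10.0):
    """Return (host, first_ts, last_ts, count) for each burst of matching renames.

    events: (timestamp_seconds, host, old_path, new_path) tuples sorted by time
    (an assumed layout). A burst is `threshold` or more matching renames on one
    host within `window` seconds; it is reported once, when the threshold is reached.
    """
    recent = {}       # host -> timestamps of matching renames still inside the window
    alerted = set()   # hosts with an already-reported, still-active burst
    alerts = []
    for ts, host, old_path, new_path in events:
        if not is_locked_rename(old_path, new_path):
            continue
        stamps = recent.setdefault(host, deque())
        stamps.append(ts)
        while ts - stamps[0] > window:   # drop renames older than the window
            stamps.popleft()
        if len(stamps) < threshold:
            alerted.discard(host)        # activity died down; allow a new alert later
        elif host not in alerted:
            alerts.append((host, stamps[0], ts, len(stamps)))
            alerted.add(host)
    return alerts

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    (100.0, "ws-07", r"C:\Share\docs\flower.jpg", r"C:\Share\docs\.flower.jpg.locked"),
    (100.4, "ws-07", r"C:\Share\docs\budget.xlsx", r"C:\Share\docs\.budget.xlsx.locked"),
    (101.0, "ws-12", r"C:\Users\a\draft.docx", r"C:\Users\a\final.docx"),  # ordinary rename
    (101.2, "ws-07", r"C:\Share\site\index.html", r"C:\Share\site\.index.html.locked"),
    (300.0, "ws-12", r"C:\Users\a\notes.txt", r"C:\Users\a\.notes.txt.locked"),  # lone hit
]

if __name__ == "__main__":
    for host, first, last, count in find_rename_bursts(SAMPLE_EVENTS):
        print(f"ALERT {host}: {count} '.locked' renames between t={first} and t={last}")
```

Because the renames happen as files are being locked, an alert like this helps with isolating an affected host quickly; it does not replace backups.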

The Notepad ransoming message that the Vurten Ransomware also creates for its victims includes mostly-standard instructions and displays both a Bitcoin address for receiving any payments and an e-mail for contacting the threat actor. However, by asking for ten thousand dollars in Bitcoins, the Vurten Ransomware makes itself into one of the most expensive file-locking Trojans to date. A variety of grammar issues also lead malware experts to speculate that the Vurten Ransomware's threat actor is a non-native speaker. One possible clue to his or her nationality is that the e-mail address includes a word in Bulgarian, from which the Vurten Ransomware takes its name.

A Bitcoin-Free Data Recovery Strategy

The extremely costly ransom of the Vurten Ransomware is one that its victims may pay without realizing that Bitcoins have no built-in protections against fraud. Con artists often use Bitcoins, and other cryptocurrencies, for making money without needing to give the users they attack any access to a legitimate or non-buggy decryption service. Additionally, some forms of encryption aren't reversible, and malware experts advise using backups as a default defense against these attacks.

Several techniques are more likely than others for infecting the network of a business, government or non-governmental organization:

  • The threat actors may compromise a network's login by brute-forcing their way through weak account names and passwords. Using complex, lengthy, and unusual combinations can help defend your logins against a brute-force app.
  • Spam e-mails also are a traditional infection vector for file-locking Trojans that specialize in attacking networks. Many campaigns customize the contents of these messages and their attachments so that they resemble non-hazardous documents, such as a package delivery notice.

Unless the threat actors introduce the Trojan via manual means, most anti-malware products should identify and remove the Vurten Ransomware without requiring any intervention from the PC's user.

The Vurten Ransomware is, most likely, bolder in its ransoming efforts than its cryptographic complexity justifies. However, it doesn't take a genius to code a program that destroys or 'locks' a file permanently, and anyone with thousands of dollars in data should keep that fact thoroughly in mind.