
vxCrypter Ransomware

Posted: April 1, 2019

The vxCrypter Ransomware is a file-locking Trojan that holds your documents and other media for ransom while it shows a Bitcoin-demanding pop-up window. The in-progress version of this threat may delete some formats instead of locking them. Users should have their anti-malware tool of choice delete the vxCrypter Ransomware immediately after identifying a possible infection and restore their files from backups.

A Trojan Comes Back from Its Two Year Vacation

The 2017 analysis of the VXLOCK Ransomware is unexpectedly paying off for malware researchers now that a new variant of the threat is in development. The vxCrypter Ransomware is unfinished but already shows indisputable evidence of its threat actor's intention to block over fifty file types and ransom them with a suitably old-fashioned pop-up warning. Unfortunately, any freeware unlocking solutions for the final version of the vxCrypter Ransomware are strictly theoretical.

In theory, the vxCrypter Ransomware uses AES encryption to lock the user's files and then RSA to keep the content from being too easily recoverable. This attack affects numerous formats, among which malware experts are confirming AVI movies, ZIP archives, HTML Web pages, Word DOC documents and dozens of others. The 'xLck' extension that it adds is the easiest way of telling vxCrypter Ransomware infections apart from those of its ancestor, which appends a different string, although this doesn't change the encryption complexity.

A glitch in the current build of the vxCrypter Ransomware lies in its 'cleanup' process, which handles the deletion of duplicates of the encrypted files. A bug in the payload can cause the vxCrypter Ransomware to delete files of the previously mentioned formats instead of locking them securely. Whether users could recover this erased media through Windows Restore Points or tools like ShadowExplorer is under investigation.
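A triage sketch for the two outcomes described above (files locked with the 'xLck' extension, or removed by the cleanup bug), added here as an example and not taken from any vendor tool. It assumes the extension is appended to the original file name and that a list of relative paths from a known-good backup is available; `triage`, `summarize`, `demo` and the sample tree are constructed for illustration.

```python
import tempfile
from collections import Counter
from pathlib import Path

# Extension named on the page. That it is appended to the full original
# name (report.doc -> report.doc.xLck) is an assumption of this example.
LOCKED_SUFFIX = ".xLck"


def triage(root, manifest):
    """Classify each backed-up path as 'present', 'locked' or 'missing'.

    manifest: paths relative to root, taken from a known-good backup listing.
    'present' only means a file with that name exists, not that it is unmodified.
    """
    root = Path(root)
    # Lower-cased index of what is on disk now (Windows names ignore case).
    on_disk = {
        p.relative_to(root).as_posix().lower()
        for p in root.rglob("*") if p.is_file()
    }
    report = {}
    for rel in manifest:
        key = rel.replace("\\", "/").lower()
        if key in on_disk:
            report[rel] = "present"
        elif key + LOCKED_SUFFIX.lower() in on_disk:
            report[rel] = "locked"    # encrypted copy exists: keep it, do not delete
        else:
            report[rel] = "missing"   # no original and no locked copy: restore from backup
    return report


def summarize(report):
    """Count how many manifest entries fall into each state."""
    return Counter(report.values())


def demo():
    """Run triage over a constructed sample tree (not real infection data)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "docs").mkdir()
        (root / "docs" / "report.doc.xLck").write_bytes(b"\x00")
        (root / "site.html").write_text("<html></html>")
        return triage(root, ["docs/report.doc", "site.html", "clip.avi"])


if __name__ == "__main__":
    for path, state in demo().items():
        print(f"{state:8} {path}")
```

Entries reported as `missing` are the ones to prioritise for backup restoration, since no encrypted copy remains for any later decryption attempt.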

The Welcome Mat on a vxCrypter Ransomware Infection

Besides finding that their files will not open, victims of vxCrypter Ransomware infections can also identify an attack by the interactive warning message that it launches. This pop-up uses an old style of ransom warning that provides English instructions for paying Bitcoins and, in return, getting the decryptor for recovering their files. However, criminals can always take the money (currently at one hundred USD equivalent) without giving any service, and malware experts recommend against paying whenever any other solutions are possible.

The filenames that malware experts are connecting to the vxCrypter Ransomware installers imply that it could be posing as a driver update for legitimate programs. This tactic is a prominent one among compromised advertising networks and free-download websites without appropriate security. Anti-malware products should detect and delete the vxCrypter Ransomware from the outset, and users can lower their vulnerability by avoiding risky browser features like JavaScript.

The vxCrypter Ransomware may be two years in the making, but it still needs more time before it is complete. Hopefully, any readers will have appropriate protection for their digital media by the time it's done 'cooking.'
