
VAGGEN Ransomware

Posted: October 21, 2020

The VAGGEN Ransomware is a file-locking Trojan that blocks media such as documents by encrypting them. Symptoms that accompany its attacks include ransom notes, hijacked desktop backgrounds, new extensions and pop-ups. Users should always invest in backups to maintain a recovery solution against data encryptors, and traditional PC security products should flag and delete the VAGGEN Ransomware.

Files Cradled in the Cold Hands of Fake Police

A file-locking Trojan that's asking for under a hundred USD in ransoms might be another case of a 'fake police' style threat, similar to the Policia Federal Virus or the 'Serviciul pentru Intervenţii şi Acţiuni Speciale' Ransomware. The VAGGEN Ransomware, which is in many ways a throwback to older philosophies of Trojan design, displays potentially-misleading pop-ups while also attacking the user's files and taking them hostage. As such, its campaign is representative of the importance of not taking any software at face value.

The VAGGEN Ransomware's executable is circulating with the Swedish word for 'police' as its name, with other internal strings also suggesting a European linguistic focus. However, its payload is English-oriented, with a wallpaper (not yet examined by malware experts), pop-up window and text ransom note. The overall message is simple: pay eighty USD in Bitcoins or make peace with never again opening the files that the VAGGEN Ransomware encrypts.

Automatic encryption routines with essentially impenetrable security are familiar features of most file-locking Trojans. The same goes for the VAGGEN Ransomware's addition of extensions – in this campaign, using a Swedish word that roughly translates to 'the cradle.' The police theme is one that's falling out of favor among threats of this type, but it shows that the VAGGEN Ransomware may tailor its warning messages to look like they're from the victim's local law enforcement after geo-locating the system's IP address.

Refusing a Data Arrest from Fraudulent Officers

The VAGGEN Ransomware places most media files, such as documents, pictures, and audio, at risk of encryption that may not be reversible. Since the Trojan has no apparent links to previous threats, malware researchers are hesitant to estimate the chances of a free decryptor's availability but always recommend non-ransom-based data recovery paths. Users who save their valuable files to removable storage or a secure cloud service are immune to extortion from VAGGEN Ransomware infections.

Both the theme of the VAGGEN Ransomware's campaign and its ransom imply that home users are the targets in mind, instead of corporate entities with tighter security – and larger wallets. Users should avoid illicit downloads at all times, scan new files before opening them, check passwords for weaknesses, and consider disabling the riskier browser and document reader features. The latter include Flash, Java, JavaScript, and macros (off by default in most up-to-date office suites).

Professional PC security software will identify most file-locking Trojans and threats that wield encryption as an attack. Removing the VAGGEN Ransomware with these products should guarantee safe and comprehensive disinfection, but not the restoration of blocked files.

What badge the VAGGEN Ransomware uses, or doesn't, for badgering a victim is one of many details still unknown to the world. Whether it's Swedish or another nationality, it's one more Trojan whose payload is toothless in the face of backups and smart browsing behavior.
