VenusLocker Ransomware
Posted: August 3, 2016
| Field | Value |
|---|---|
| Threat Level | 10/10 |
| Infected PCs | 80 |
| First Seen | August 3, 2016 |
| OS(es) Affected | Windows |
The VenusLocker Ransomware is a Trojan that uses file-encrypting technology to attack your PC. Any content that the VenusLocker Ransomware encrypts can no longer be read by associated applications, but may, in theory, be recoverable through a decryption routine. Because the VenusLocker Ransomware takes steps to protect its decryption routine and no free decryptor is currently available, malware experts advocate removing the VenusLocker Ransomware from your PC and then restoring your files from a backup.
The Touch of a Greedy Goddess on Your Files
Borrowing the code of other projects to speed up a threat campaign's development is especially endemic to the industry of threatening file encryptors. The open-source EDA2 code is one origin point of a variety of these projects, with previous threats based on it including the AlphaLocker Ransomware and the Chilean SeginChile Ransomware. Now, malware experts also have identified the VenusLocker Ransomware, showing a possible shift back to the EDA2 source code, after a previous de-emphasis of it.
The VenusLocker Ransomware targets English-speaking regions and uses a conventional but difficult to revert encryption routine that it bases on an AES-256 algorithm with an RSA-2048 public key. The Trojan then sends the decryption key to a Command & Control server controlled by the remote attacker and displays several ransom messages. Like many other file encryptors malware experts see operating this year, the VenusLocker Ransomware uses three formats for its extortion messages: an HTML pop-up window, text and an image.
The VenusLocker Ransomware's pop-up message offers a paid decryption service that is available for seventy-two hours, after which the con artists delete the key. It asks for a ransom fee that is comparatively small for this industry: 100 USD.
The VenusLocker Ransomware's text message, which it names a ReadMe file, offers identical content to its pop-up window but without the dynamic payment field.
The VenusLocker Ransomware's image delivers a less verbose version of its ransom demands, with recommendations including making contact with the con artists through e-mail for negotiations. The VenusLocker Ransomware also uses imagery implying (most likely falsely) a connection between the VenusLocker Ransomware campaign and the hacker-activist group Anonymous.
Unlocking Your PC from the Grasp of Venus
The VenusLocker Ransomware infections provide several clues for their immediate identification. They add '.venusf' extensions to all encrypted files, load automatic pop-ups and hijack the account's desktop background to display the ransom demand. However, there are no current free decryptors for the VenusLocker Ransomware, and a remote attacker may not provide any decryption assistance even after taking his Bitcoin payment. Stopping the VenusLocker Ransomware from installing itself is the most reliable method for keeping your data from becoming potentially unrecoverable.
PCs that were not connected to the Web during the VenusLocker Ransomware's installation, and that were therefore unable to communicate with a C&C server, still may have the public key accessible. In such scenarios, contact a reputable PC security or repair technician for further decryption help. In more typical circumstances, however, PC users will need to use backups that can overwrite the encrypted files with unencrypted data. Malware experts regularly recommend using cloud services and external devices for this purpose.
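The '.venusf' indicator and the restore-from-backup advice above can be combined into a triage pass that lists which encrypted files have a copy in a backup set and which do not. This is an added example, not a tool from the original page; it assumes the extension is appended to the full original file name (report.docx becomes report.docx.venusf), and the function names and sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".venusf"  # extension the page says is added to encrypted files


def find_encrypted(root):
    """Yield every file under root whose name ends in the VenusLocker extension."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Case-insensitive match: Windows file systems ignore case.
            if name.lower().endswith(ENCRYPTED_SUFFIX):
                yield Path(dirpath) / name


def restore_plan(scan_root, backup_root):
    """Map each encrypted file's original relative path to its backup copy.

    Assumption: the extension is appended to the original name. A value of
    None means the backup set holds no copy of that file.
    """
    scan_root, backup_root = Path(scan_root), Path(backup_root)
    plan = {}
    for enc in find_encrypted(scan_root):
        original_name = enc.name[: -len(ENCRYPTED_SUFFIX)]
        if not original_name:  # a file literally named ".venusf"
            continue
        rel = enc.relative_to(scan_root).with_name(original_name)
        candidate = backup_root / rel
        plan[rel.as_posix()] = candidate if candidate.is_file() else None
    return plan


def summarize(plan):
    """Return (recoverable, missing) lists of relative paths, sorted."""
    recoverable = sorted(p for p, src in plan.items() if src is not None)
    missing = sorted(p for p, src in plan.items() if src is None)
    return recoverable, missing


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        user, backup = Path(tmp, "user"), Path(tmp, "backup")
        (user / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        (user / "docs" / "report.docx.venusf").write_bytes(b"ciphertext")
        (user / "photo.jpg.venusf").write_bytes(b"ciphertext")
        (backup / "docs" / "report.docx").write_bytes(b"original")
        ok, lost = summarize(restore_plan(user, backup))
        print("restorable:", ok)
        print("no backup copy:", lost)
```

Run it against an offline copy or image of the affected volume after the Trojan has been removed, so that restored files are not encrypted again.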
The VenusLocker Ransomware's ransom warnings offer both carrots and sticks to any victims: a promise of prompt assistance after payment, along with a time limit before its administrators delete your decryption key. However, paying a ransom instead of removing the VenusLocker Ransomware through traditional anti-malware strategies doesn't offer a guaranteed recovery, and does little besides fund future campaigns using misappropriated code for harmful acts.