
Verasto Ransomware

Posted: April 24, 2019

The Verasto Ransomware is a file-locking Trojan that can keep your media from opening, remove your backups, create ransoming messages, or conduct other attacks for collecting information or compromising the system's security. Users should disable their network connections as a precaution while dealing with infections and prepare themselves for the potential loss of sensitive credentials or local files. Most anti-malware products may at least remove the Verasto Ransomware from your computer, even if they do not recover any media.

The STOP Ransomware Continues Ignoring All Stop Signs

As proof of Ransomware-as-a-Service's business viability, at least as a way of getting other criminals to buy Black Hat programs, STOP Ransomware is a vibrant example for the spring of 2019. Its variants boast significant changes, such as dropping spyware like AZORult, hijacking the victim's browser, or launching other attacks, but the focal theme is the same as always: locking files for ransoms. The Verasto Ransomware is only the next in a series of similar threats from this family, following the Moresa Ransomware, the Norvas Ransomware, the Kroput Ransomware and the Guvara Ransomware.

The Verasto Ransomware – whose name is of a linguistically obtuse origin – is out in the wild as build 0.70 of the STOP Ransomware family, although this numbering doesn't indicate any problems with its attacks. It searches the local system and network-available drives for files, such as documents or archives, that are worth blocking, and encrypts them. Users can find the affected files by searching for the 'verasto' extension it appends, but changing the name back has no effect on the encryption and won't let the files open.

Some variants of the Verasto Ransomware's family also install AZORult spyware, which exfiltrates your browser history and other credentials. Another mildly strange feature of the recent build of the STOP Ransomware is Hosts file changes that can redirect the browser to corrupted sites by changing the domain-to-IP-address correlations. However, since encryption is the defining feature of the Trojan, malware experts especially emphasize safely stored backups for defending against most of the ill effects of an attack.
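A triage sketch for the two indicators described above, the appended 'verasto' extension and the Hosts file changes, added here as an example and not taken from the original article or any vendor tool. Because the article does not list the redirected domains, it reports every active Hosts mapping other than the standard localhost entries for manual review; the sample Hosts content and the names `find_locked_files` and `audit_hosts` are constructed for illustration.

```python
import ipaddress
import os

LOCKED_EXT = ".verasto"  # extension named in the article
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample Hosts file (documentation addresses), not from a real infection.
SAMPLE_HOSTS = """# constructed sample
127.0.0.1 localhost
::1 localhost
203.0.113.10 example.com www.example.com  # override
127.0.0.1 updates.example.net
"""

def find_locked_files(root):
    """Return sorted paths under root whose name ends with LOCKED_EXT (any case)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files if f.lower().endswith(LOCKED_EXT)]
    return sorted(hits)

def audit_hosts(text):
    """Return (line_no, address, hostname) for every active mapping except
    the standard loopback entries for localhost names."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        addr, hosts = fields[0], [h.lower() for h in fields[1:]]
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            loopback = False  # malformed address: report it for review
        for host in hosts:
            if not (loopback and host in LOCAL_NAMES):
                findings.append((line_no, addr, host))
    return findings

if __name__ == "__main__":
    for line_no, addr, host in audit_hosts(SAMPLE_HOSTS):
        print(f"hosts line {line_no}: {host} -> {addr}")
    for path in find_locked_files(os.getcwd()):
        print("locked file:", path)
```

On a real system, pass the contents of the Hosts file (on Windows, `%SystemRoot%\System32\drivers\etc\hosts`) to `audit_hosts` and compare the findings against entries you added yourself.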

Subtracting the Ransom Opportunities from File-Locker Trojans

The Verasto Ransomware may be arriving at its victims' PCs through torrents, which are a favored infiltration method by threat actors who aren't targeting any industries or users in particular. These download resources may fake being key generators for well-known games, movies or music albums by prominent artists. Fake software updates from corrupted domains or hacked advertising networks are other sources of potentially toxic downloads.

Spam e-mail is another exploit method that threat actors often prefer when they're delivering file-locker Trojans. These messages can imitate content that's for a specific company or employee. Attachments for dropping the Verasto Ransomware may be real documents with embedded exploits or fake ones with inaccurate extensions.

There isn't a free decryptor that's universally compatible with all of STOP Ransomware's members, but recovery through unlocking isn't always impossible. Users can try recovering copies of encrypted media via the publicly available solutions after removing the Verasto Ransomware with the anti-malware program of their choice.

Malware researchers wouldn't mind knowing why the Verasto Ransomware is using this particular extension string, along with what victims it's holding up with its extortion. Until they ferret out these details, however, users should still be making every effort to back up every file of significance to them.
