
Vortex Ransomware

Posted: March 10, 2017

The Vortex Ransomware is a Trojan that targets Polish-speaking PC users and blocks their files by encrypting them. Free decryption solutions or restoring from backups are always better recovery options than the ones demanded by Trojans like the Vortex Ransomware, which require a ransom paid to a con artist's account. Since the symptoms of its payload become most visible only after it has harmed your files, malware experts recommend using anti-malware products to block and delete the Vortex Ransomware automatically beforehand.

Spinning Your Files Around in a Vortex of Greed

Even with well-understood and analyzed families of Trojans making up the majority of digital ransoming campaigns, some threat actors still find room to produce independent threats. The Vortex Ransomware is a new Trojan of unknown lineage whose network activity traces back to Russian Web infrastructure, even though it aims its attacks at residents of Poland. Early signs detected by malware experts indicate that this Trojan's payload may be decryptable, although victims with especially valuable files should not bank on that assumption.

Like most file-encryptor Trojans, the Vortex Ransomware uses AES (Rijndael) as its block cipher of choice, with which it locks local files of particular formats. The content on an infected PC most likely to be affected includes Microsoft Office output (DOC files, PowerPoint presentations, Excel spreadsheets), archives such as ZIP, and major media formats like MP4, MP3 and MPG. It appends the '.aes' extension to each filename before creating its ransom message, a Polish-language text file.

The Vortex Ransomware offers an e-mail address for contacting its threat actors and acquiring a file-unlocking decryptor, but only after you pay their ransom. Because the Vortex Ransomware's encryption method isn't completely secure, malware experts advise anyone with no other options to contact an experienced cyber security expert for help decoding the data, rather than making payments that the threat actors may never acknowledge.

Bringing Calm to a Whirlwind of Hard Drive Disarray

The Vortex Ransomware locks over forty types of commonly-used data, makes Registry changes to ensure its persistence on an infected Windows machine, and conducts network activities that could give con artists additional means of attacking the system. It also uses an unusual password-generation technique based on an external Web API, which indicates that its authors aren't necessarily inexperienced programmers, unlike the majority of those who borrow code from families like Troldesh or the Xorist Ransomware.
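The renaming pattern described above (a targeted document, archive or media file reappearing with a trailing '.aes') is something a defender can watch for on a file server or endpoint. The following is an added detection example written for this page, not code from the original post or from the malware: it checks file-creation events for that double-extension pattern and flags a burst of such files within a short window. The extension list is an assumption covering only the formats the write-up names, not the full forty-plus the Trojan targets, and the events are constructed sample data.

```python
"""Heuristic detector for the '.aes' double-extension pattern described above."""
from collections import Counter
from datetime import datetime, timedelta

# Assumption: only the formats named in the write-up; the real target list is longer.
TARGET_EXTS = {".doc", ".docx", ".ppt", ".pptx", ".xls", ".xlsx",
               ".zip", ".mp4", ".mp3", ".mpg"}
MARKER_EXT = ".aes"


def looks_encrypted(path: str):
    """Return the original extension if path ends in '<known ext>.aes', else None."""
    lower = path.lower()
    if not lower.endswith(MARKER_EXT):
        return None
    stem = lower[:-len(MARKER_EXT)]          # strip the appended marker
    dot = stem.rfind(".")
    if dot == -1:
        return None                           # bare '.aes' file, no original extension
    orig = stem[dot:]
    return orig if orig in TARGET_EXTS else None


def detect_burst(events, window_seconds=60, threshold=10):
    """events: iterable of (iso_timestamp, path). Returns (flagged, peak_count):
    peak_count is the largest number of suspicious creations in any window."""
    times = sorted(datetime.fromisoformat(ts) for ts, p in events if looks_encrypted(p))
    window = timedelta(seconds=window_seconds)
    start, peak = 0, 0
    for end in range(len(times)):             # sliding window over sorted timestamps
        while times[end] - times[start] > window:
            start += 1
        peak = max(peak, end - start + 1)
    return peak >= threshold, peak


def summarize(events):
    """Count suspicious files by their original (pre-'.aes') extension."""
    return Counter(ext for _, p in events if (ext := looks_encrypted(p)))


# Constructed sample: twelve renamed files in 22 seconds plus three benign/noise entries.
_BASE = datetime(2017, 3, 10, 9, 0, 0)
_EXTS = [".docx", ".xlsx", ".pptx", ".zip", ".mp3", ".mp4",
         ".mpg", ".doc", ".xls", ".ppt", ".docx", ".zip"]
SAMPLE_EVENTS = [((_BASE + timedelta(seconds=2 * i)).isoformat(),
                  f"C:\\Users\\anna\\Documents\\plik{i}{ext}.aes")
                 for i, ext in enumerate(_EXTS)] + [
    ("2017-03-10T09:00:05", r"C:\Users\anna\Documents\notatki.txt"),
    ("2017-03-10T09:05:00", r"C:\Users\anna\Downloads\archiwum.aes"),
    ("2017-03-10T09:00:10", r"C:\Users\anna\Documents\readme.aes.txt"),
]
```

Running `detect_burst(SAMPLE_EVENTS)` on the constructed data returns `(True, 12)`, and `summarize` shows which original formats were hit; tune the window and threshold to the normal rename rate of the monitored share.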

However, the easiest way to keep a Vortex Ransomware infection from placing you in a ransom-vulnerable situation is to keep backups, which make decryption irrelevant when remote file recovery is an option. Third-party security researchers also are working on decoding the Vortex Ransomware's payload and may be able to give victims with no better options a way to decrypt their files at no charge. Until then, having anti-malware protection that blocks and deletes the Vortex Ransomware early on is especially necessary for protecting the contents of your PC.

No verifiable word is yet available about how this Trojan compromises new systems. Watch for common schemes, such as fake e-mail attachments, that could be the latest Trojan droppers for threats like the Vortex Ransomware campaign.
