
Cryptovirological Discovery: Vaca Ransomware

February 4, 2019 | Simeon Georgiev

In the last three years, ransomware has become a leading cyber threat across the globe. No user in any part of the world is safe from cryptovirological operators. One month into 2019, the current cyber landscape suggests that ransomware operators are not willing to cut down the development of new cryptovirological scripts.

This trend suggests that ransomware removal experts will continue to hone their expertise in order to get rid of ever-increasing cryptovirological threats. A team of malware hunters has recently discovered yet another cryptovirological strain that has been circulating for the last couple of days.

This ransomware script goes by the name Vaca. According to a preliminary inspection, Vaca is not an entirely new ransomware strain. It is a variant of Xorist ransomware, which first surfaced three years ago. The operators of Xorist have developed more than 15 different variants so far, including Vaca.

Xorist Ransomware: A Ransomware With Unique Encryption Action

In this section, we have discussed a lot of ransomware strains. The majority of them use either AES or RSA encryption modules, and some use a combination of both. Xorist and its variants are quite different in this regard: Xorist developers use XOR ciphers and the Tiny Encryption Algorithm (TEA) to lock files on the affected devices. By using these unusual encryption modules, Xorist developers have made it difficult for ransomware removal experts to come up with decrypters for the affected devices.

Vaca Ransomware Operators Ask Victims to SMS Their ID

The latest Xorist ransomware variant has been found to use phishing emails to distribute its payload to devices. Once the encryption of the stored files finishes, a text file with a ransom note appears on the screen.

Instead of directly quoting the extortion amount for a ransomware removal solution, Vaca ransomware operators ask victims to send their ID via SMS to a VoIP number. We strongly advise users against contacting the attackers for the decrypter. There is no guarantee that the attackers will provide the solution. Moreover, you can't rule out that the cybercriminals may extend their malicious activity through further correspondence.

It's not clear whether Vaca ransomware operators are using the same XOR/TEA encryption methods or have shifted to RSA and AES modules. Whichever encryption the Vaca script uses, we recommend getting in touch with a seasoned ransomware removal expert for a professional solution.

In previous Xorist ransomware attacks, the operators would usually ask for somewhere between 0.3 and 2 Bitcoins to provide the decrypter, so there is a strong chance that the Vaca ransom demand will be in the same range.

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware and ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: [email protected]