Our research team discovered the Vvwq ransomware-type program during a routine inspection of new submissions to VirusTotal. This malicious program belongs to the Djvu ransomware family.

We executed a sample of Vvwq ransomware on our testing system, and it began encrypting files. The filenames of the affected files were appended with the ".vvwq" extension, e.g., a file like "1.jpg" appeared as "1.jpg.vvwq", "2.png" as "2.png.vvwq", etc. Once the encryption process was completed, a ransom note - "_readme.txt" - was created.

[Screenshot: files encrypted by Vvwq ransomware]

Vvwq ransomware's note informs victims that their databases, documents, pictures, and other important files have been encrypted. The message states that the decryption keys and tools must be purchased to restore the encrypted data. The price is 980 USD; however, if victims establish contact with the attackers within 72 hours, the price will be reduced by 50% (490 USD). Additionally, the note offers a free decryption test.

Based on our extensive experience researching ransomware infections, we can conclude decryption is usually impossible without the cyber criminals' interference. Furthermore, despite meeting the ransom demands, victims often do not receive the promised decryption tools. Therefore, we strongly advise against paying criminals and inadvertently supporting their illegal activities.

Removing Vvwq ransomware from the operating system will prevent it from encrypting more data. Unfortunately, removal will not restore already compromised files. The only solution is recovering them from a backup, if one was created prior and is stored elsewhere. We highly recommend keeping backups in multiple separate locations (e.g., unplugged storage devices, remote servers, etc.) to avoid permanent data loss.

We have analyzed thousands of ransomware-type programs; Vveo, Arai, Kamikizu, Vvew, and 69 are merely a few examples. Malware within this classification operates by encrypting files and demanding ransoms for the decryption. However, these programs have two significant differences between them: the cryptographic algorithms they use (symmetric or asymmetric) and the ransom size.

Malware (ransomware included) is spread using phishing and social engineering tactics. Malicious programs are usually presented as or bundled (packed together) with ordinary software/media. Virulent files can be in various formats, e.g., archives, executables, Microsoft Office and PDF documents, JavaScript, etc. When an infectious file is executed, run, or otherwise opened, the infection chain is triggered. The most commonly used distribution methods include: drive-by (stealthy and deceptive) downloads, online scams, malicious attachments and links in spam emails/messages, dubious download channels (e.g., unofficial and freeware websites, P2P sharing networks, etc.), illegal software activation ("cracking") tools, and fake updates.
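
The two on-disk indicators this article reports (the appended ".vvwq" extension and the "_readme.txt" note) are enough to scope which folders need restoring from backup. The following Python script is an added example, not part of the original article; the names `triage` and `demo` and the sample tree are constructed for illustration, and the modification-time window is only an estimate of when encryption ran.

```python
import os
import tempfile
from collections import defaultdict

EXT = ".vvwq"          # appended extension reported in the article
NOTE = "_readme.txt"   # ransom note file name reported in the article

def triage(root):
    """Walk root and summarise Vvwq indicators per directory.

    Returns (affected, window): affected maps each directory to the original
    names of its encrypted files and whether a ransom note is present; window
    is the (earliest, latest) mtime of encrypted files, or None if none found.
    """
    dirs = defaultdict(lambda: {"encrypted": [], "note": False})
    mtimes = []
    for path, _subdirs, files in os.walk(root):
        for name in files:
            full = os.path.join(path, name)
            if name.lower().endswith(EXT) and len(name) > len(EXT):
                # Strip only the appended suffix to recover the original name.
                dirs[path]["encrypted"].append(name[:-len(EXT)])
                try:
                    mtimes.append(os.stat(full).st_mtime)
                except OSError:
                    pass  # unreadable or vanished file: still listed above
            elif name == NOTE:
                # The note name is generic; on its own it is a weak signal.
                dirs[path]["note"] = True
    window = (min(mtimes), max(mtimes)) if mtimes else None
    return dict(dirs), window

def demo():
    # Constructed sample tree (assumption), not data from the article.
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.makedirs(docs)
        for name in ("1.jpg.vvwq", "2.png.vvwq", "_readme.txt", "notes.txt"):
            open(os.path.join(docs, name), "w").close()
        affected, window = triage(root)
        return {os.path.relpath(d, root): v for d, v in affected.items()}, window

if __name__ == "__main__":
    print(demo())
```

Backups taken before the start of the reported window are the candidates for restoring the listed files; file timestamps can be altered, so corroborate the window with other logs where available.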