Chinaunix首页 | 论坛 | 博客
  • 博客访问: 3362574
  • 博文数量: 515
  • 博客积分: 5116
  • 博客等级: 大校
  • 技术积分: 4137
  • 用 户 组: 普通用户
  • 注册时间: 2006-09-30 11:24
个人简介

黑马王子就是我! 技术认证:系统分析师,网络规划设计师,网络工程师,信息系统监理师,系统集成项目管理师,初级程序员,MCSE,MCDBA,CCNA 目前主攻虚拟化技术,VPN,系统架构,集群和高可用性等。

文章分类

全部博文(515)

文章存档

2023年(11)

2022年(17)

2021年(19)

2020年(28)

2019年(42)

2018年(53)

2017年(41)

2016年(33)

2015年(43)

2014年(25)

2013年(13)

2011年(6)

2010年(28)

2009年(47)

2008年(55)

2007年(26)

2006年(28)

分类: 网络与安全

2016-06-07 15:44:40

Vegclass Ransomware病毒是个什么鬼?居然让我给碰上了,D盘上所有文档都被加密了,不能打开,杀毒软件似乎对其无能为力,应该是个最近出来的病毒了,大家小心了...
相关文档如下:

Vegclass ransomware removal instructions

What is Vegclass?

Vegclass is another ransomware infection identical to , , and . After stealthily infiltrating the system, Vegclass uses an asymmetric encryption algorithm to encrypt various files stored on victims' computers. During encryption, Vegclass ransomware adds the .Vegclass(@)aol.com.xtbl extension to the name of each encrypted file. It also changes the desktop wallpaper and creates a 'How to decrypt your files' text file, placing it in each folder containing encrypted files.

The text file and desktop wallpaper state that victims must contact developers of Vegclass to restore their encrypted files. As mentioned, Vegclass employs the asymmetric encryption algorithm and, thus, public (to encrypt) and private (to decrypt) keys are generated during encryption. The private key is unfortunately stored on Command and Control (C&C) servers controlled by cyber criminals (developers of Vegclass). Therefore, to restore files, victims must purchase the private key for a certain fee (which is currently unknown). To receive payment instructions, victims must send three selected files to the email address provided. Bear in mind, however, that developers of ransomware-type viruses often ignore victims regardless of any payments made. Therefore, we strongly advise you not to contact cyber criminals or pay any ransom. In doing so, you will simply support their malicious businesses. Unfortunately, there are currently no tools capable of decrypting files compromised by Vegclass. Therefore, victims can only restore their files/system from a backup.

Screenshot of a message encouraging users to contact the developers of Vegclass ransomware to decrypt their compromised data:

Vegclass decrypt instructions

All ransomware-type viruses are very similar - they encrypt victims' files and demand ransom payments. There are two main differences - the type of encryption algorithm used and size of ransom. Research shows that these viruses are mostly distributed using malicious email attachments, P2P (peer-to-peer) networks, fake software updates, and trojans. Therefore, never download files from third party sources or open attachments sent from unrecognized/suspicious email addresses. In addition, keep your installed software up-to-date and use a legitimate anti-virus/anti-spyware suite. The existence of ransomware-type malware is one of the main reasons why you should maintain regular backups of your files.

Text presented in Vegclass desktop wallpaper:

Attention!!! To restore information email technical support send 3 encrypted files Econvector3(@)aol.com or Eco_vector(@)india.com

Screenshot of Vegclass ransomware text file (How to decrypt your files.txt):

Vegclass text file

Text presented within this file:

DECRYPT FILES EMAIL ecovector3(@)aol.com or eco_vector(@)india.com

Screenshot of files encrypted by Vegclass:

Files encrypted by Vegclass

Vegclass ransomware removal:

Quick menu:

  • STEP 1.
  • STEP 2.
阅读(6136) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~