
Vcrypt ransomware brings along a buddy to do the encryption
2020-05-07 17:48

The bad news is that whoever wrote this malware decided to be doubly destructive: it scrambles the files on your C: drive using a secret decryption key, but it wipes out the files on all your other drives, looping through all the letters A: to Z: except C:, issuing commands to delete all the files and directories it can find.

The good news is that the programmer of Ransom-FXO didn't take much care over the encryption part, and used a hardcoded cryptographic key that can fairly easily be extracted from the malware file.

Delete the file C:\USERS\[yourname]\AppData\Local\Temp\video driver.

You can recover your files by hand by installing the 7-Zip utility and then opening up the.

There's no quick way to get back files deleted from drive letters other than C:, but if you're in the habit of making regular and frequent backups, and of keeping at least one copy offline where it can't be deleted during an attack, you should be able to recover anyway.


News URL

https://nakedsecurity.sophos.com/2020/05/07/vcrypt-ransomware-holds-your-files-hostage-without-encrypting-them/