VegaLocker ransomware is a dangerous computer virus which does not add any extensions to locked files

VegaLocker ransomware is a cryptovirus which performs the encryption[1] after successful infiltration. However, this cyber threat has one big difference from other of its kind – it does not apply any appendix or rename any encrypted files or documents. Of course, it does provide a ransom message which is named “Your files are now encrypted.txt” or “ABOUT YOUR FILES.txt”. We can guess that cybercriminals target Russians or Russian-speaking users as the note is written in the Russian language. The crooks demand some money which needs to be transferred in Bitcoin and provide email addresses such as sprosinas@cock.li, sprosinas2@protonmail.com, or sup24@keemail.me, sub24@protonmail.ch.
| Name | VegaLocker |
|---|---|
| Category | Ransomware |
| Appendix | No appendix is added to locked files |
| Ransom message(s) | “Your files are now encrypted.txt” or “ABOUT YOUR FILES.txt” |
| Encryption keys | Such as AES, RSA, SHA, etc. |
| Target | Russian people or Russian speakers |
| Emails | sprosinas@cock.li, sprosinas2@protonmail.com, or sup24@keemail.me, sub24@protonmail.ch |
| Detection | You can try using FortectIntego for detecting malware-related objects |
There is a big possibility that, once you are infected with VegaLocker virus, you will find rogue entries injected in the Windows Registry section or suspicious-looking processes running in the computer system. One of the odd components will be the ransom message which usually looks like this:
ВНИМАНИЕ, ВАШИ ФАЙЛЫ ЗАШИФРОВАНЫ!
Ваши документы, фотографии, базы данных, сохранения в играх и другие
важные данные были зашифрованы уникальным ключем, который находится
только у нас. Для восстановления данных необходим дешифровщик.
Восстановить файлы Вы можете, написав нам на почту:
e-mail: sprosinas@cock.li
e-mail: sprosinas2@protonmail.com
Пришлите Ваш идентификатор TOKEN и 1-2 файла, размером до 1 Мб каждый.
Мы их восстановим, в доказательство возможности расшифровки.
После демонстрации вы получите инструкцию по оплате, а после оплаты
Вам будет отправлена программа-дешифратор, которая полностью восстановит все заблокированные файлы без потерь.
Если связаться через почту не получается:
Перейдите по ссылке: https://bitmessage.org/wiki/Main_Page и скачайте
почтовый клиент. Установите почтовый клиент и создайте себе новый адрес
для отправки сообщений.
Напишите нам письмо на адрес: BM-2cVK1UBcUGmSPDVMo8TN7eh7BJG9jUVrdG
(с указанием Вашей почты) и мы свяжемся с Вами.
ВАЖНО!
Victims are given three days to show contact, otherwise, they are threatened that files will be permanently lost. Even though crooks use hardly-identifiable encryption algorithms, this does not mean that you have to rush and pay the VegaLocker ransomware cybercriminals. A particular amount of money is not demanded this time but matters are urged to be discussed via email letters.
Instead of paying the crooks, we suggest performing the VegaLocker ransomware removal by using anti-malware programs. Additionally, we offer to install a tool such as FortectIntego or SpyHunterCombo Cleaner to detect all malicious files, entries, and other virus-related components that might be safely hidden in the computer system by the ransomware virus infection.
Another important reason to get rid of VegaLocker ransomware on time is the virus's ability to make the system vulnerable to other infections. Each malware causes security flaws and might allow other threats to sneak into the system. Additionally, some cryptoviruses are capable of deleting Shadow Volume Copies which means that if you do not hurry up and terminate the virus ASAP, you might not be able to restore your encrypted data.
You cannot remove VegaLocker ransomware by yourself as this process requires a lot of practice and some actions can be performed only by reputable anti-malware. Remember to be careful next time and continue reading about ransomware avoiding tips and how to keep your important data protected from unwanted exposure or encryption.

Recently, the developers of VegaLocker ransomware have released another very similar version of this notorious file-locking cyber threat. It uses the ABOUT YOUR FILES.txt ransom message to inform users about the secret encryption process. This virus still seems to be targeting Russian speakers as the note is written in the Russian language. Crooks provide two email addresses in the text message: sup24@keemail.me and sup24@protonmail.ch.
For further information, it is known that the latest version of VegaLocker ransomware uses a mixture of SHA and RSA encryption algorithms in order to lock up files on the targeted machine. Additionally, once installed, the dangerous file-locking virus places the blanki(скореевсего образец вируса).exe file in the infected computer system from which the hazardous payload might be identified. The ransomware is detected as Win32:Malware-gen by Avast and AVG antivirus programs.
Ransomware can spread through malicious email attachments
According to computer specialists from Virusai.lt,[2] ransomware viruses are most commonly spread via malicious email messages and their attached executables or infected links that come injected inside the message itself. We urge all users to be careful while opening received email and deleting all letters that they are not sure about and look suspicious.
Another popular ransomware distribution source can be various third-party pages which are created for downloading software, films, and various applications for free. Peer-to-peer networks[3] are promoted by secondary sources and often lack protection. This vulnerability allows criminals to inject malware into unprotected hyperlinks or even software packages.
For further protection, you should always be careful while visiting websites on the Internet, downloading particular software, and so on. However, our specialists also offer to download and install a reputable computer security program for safety purposes. In some cases, the human eye might not catch all hazardous content, so, this can be done by antivirus tools.
VegaLocker ransomware should be terminated ASAP after detection
If your antivirus tool has detected the ransomware infection, you need to remove VegaLocker virus fast. If you do not have an anti-malware tool[4] which will allow you to find all virus-related components on your system, we suggest considering to download and install an expert-tested program such as FortectIntego, SpyHunterCombo Cleaner, or MalwarebytesMalwarebytes.
After the VegaLocker ransomware removal, make sure that you reboot the entire computer system. For data recovery steps, look below this text. Moreover, be prepared for the future – gather all important data and store it on remote servers or devices where no one, except you, will be able to reach it.
Was this guide helpful?
Be the first to comment