VevoLocker ransomware is a dangerous file-encrypting virus that targets organization sites

VevoLocker ransomware is a crypto-locker that was first spotted late April 2018. It made its entry quite scandalously as it completely blocked the operation of Ukraine's Ministry of Energy and Coal[1] official website. The virus was also spotted on multiple other websites, including Danish sites. Thus, the further expansion of the virus is highly likely.
| SUMMARY | |
| Name | VevoLocker ransomware |
|---|---|
| Type | Website files-encrypting virus |
| Payment demanded | 0.01 BTC |
| Distribution | Software vulnerabilities, exploits, unprotected RDP configurations, etc. |
| Main dangers | Loss of personal files, data leakage, other malware infections, etc. |
| Elimination | Download and install FortectIntego or MalwarebytesMalwarebytes |
VevoLocker completely blocks the operation of a website by locking up all .css, .htm, .html, .js, and .php files. Hackers then demand a payment of 0.01 Bitcoin to be paid for data decryption key. The file recovery may be possible without paying the ransom; however, the first thing that needs to be taken care of is VevoLocker ransomware removal.
VevoLocker virus spread with the help of the well-known CMS system Drupal vulnerability, dubbed Drupalgeddon2. The patches were released by Drupal to fix the flaw CVE-2018-7600.[2] Unfortunately, some organizations did not bother to apply the update.
As soon VevoLocker enters the vulnerable machine, it modifies Windows settings to ensure boot persistence. In addition to locking files, malware can also render operating systems vulnerable to other infections, including spyware or trojans, or even another ransomware that can lock up personal files and then demand ransom for their release.
When trying to access the compromised site, users or site owner will see the following message:
Oops, your website have been encrypted!
What happened to my website? Your important website files are encrypted. Many of your .php, .css, .js, and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time! Nobody can decrypt your files without our special decryption key.
<…>
Hackers then proceed to explain that the only way to get their files back is by paying them 0.01 BTC(around $90 at the time of the writing) into the provided wallet. Apparently, after payment is executed, the victim needs to contact criminals via the email address provided in the link.
However, we highly discourage users contacting hackers. Not only may you waste your money but you will also be supporting hackers activities and encourage them to create more viruses to extort money from other users. Instead, we suggest downloading a reputable security tool like FortectIntego, SpyHunterCombo Cleaner or MalwarebytesMalwarebytes and run it in the Safe mode with Networking.
File recovery might be quite problematic, as the key to decrypt files is located on a remote server in hackers' possession. Nevertheless, we provide third-party tools that might help to decrypt files. You can find all descriptions below this post. Do not forget that you need to remove VevoLocker malware before trying to get your files back.

Ways ransomware enters machines
Ransomware is a deadly threat as it can lead to a complete destruction of files and prevent the operation of the website. Therefore, it is extremely important to make sure how to protect yourself from such infections. Security experts[3] advise to do the following:
- Back up your data on a secure remote server. It can be an external hard drive or cloud server;
- Employ robust security software and keep it up to date;
- Regularly update your operating system and software. As we already mentioned, security specialists continually fix flaws in their code by patching them;
- Do not visit suspicious websites and do not click on advertisements;
- Immediately delete suspicious emails coming into your mailbox. The built-in security software flags up phishing emails most of the time, so never ignore those warnings;
VevoLocker ransomware removal steps
VevoLocker removal cannot be executed manually. The virus is persistent and embedded deep within system files, so only IT specialists are able to do that manually. For regular users, it is best to download and install security software that can find all the VevoLocker virus related components and exterminate them for good.
At the present time, there is no decryptor available that could unlock the files. Nevertheless, you can get your data back from a remote server, such as Google Drive or Dropbox. Alternatively, the external hard drive will do that job just as well.
If you did not have a backup, do not lose hope. Try out third-party software that may help you. Do not forget that you need to remove VevoLocker ransomware first, otherwise your files will get encrypted again.
Was this guide helpful?
Be the first to comment