Vvew is ransomware belonging to the Djvu family. Our team discovered it while checking VirusTotal for recently submitted malware samples. It appends the ".vvew" extension to filenames and creates the "_readme.txt" file containing contact and payment information.

An example of how Vvew renames encrypted files: it changes "1.jpg" to "1.jpg.vvew", "2.png" to "2.png.vvew", "3.exe" to "3.exe.vvew", and so forth.

The ransom note instructs victims to contact the attackers using the provided email addresses to receive further instructions. It states that files cannot be decrypted without software and a unique key that can be purchased for $980 or $490 (it depends on whether the attackers will be contacted within or after 72 hours). Also, the ransom note mentions that victims can send one encrypted file via email before paying for decryption tools. Victims can have one file decrypted for free.

Typically, ransomware victims cannot decrypt files without the right decryption software/key. Paying for data recovery can only be avoided if victims have a data backup or a working third-party decryption tool is available online. There are many cases where cybercriminals have not provided a decryption tool even after the payment. Thus, it is not recommended to trust the attackers even if they decrypt some files for free. Also, ransomware should be removed from the compromised device immediately. Once removed, ransomware can no longer cause more damage (encrypt more files and spread over a local network).

Ransomware encrypts files to make them inaccessible/unusable. In most cases, it renames files and provides a ransom note as well. The most common differences between ransomware attacks are the prices of decryption tools and cryptographic algorithms used to encrypt data. Examples of different ransomware are Arai, Kamikizu, and 69.

Usually, Djvu ransomware is distributed using fake installers for cracked/pirated software (or cracking tools) and deceptive sites offering to download videos from YouTube. In other cases, users infect computers with ransomware by opening files sent by threat actors via email, files downloaded from untrustworthy sources, executed Trojans, or fake updaters. Examples of unreliable sources for downloading files and programs that cybercriminals use to distribute malware are unofficial websites, third-party downloaders, Peer-to-Peer networks, free file hosting pages, etc. Typically, threat actors use JavaScript files, PDF and Microsoft Office documents, executables, archives, or ISO files to distribute malware.

Threat Summary:

Detections: Avast (PWSX-gen), AVG (PWSX-gen), ESET-NOD32 (A Variant Of Win32/GenKryptik.FXYR), Kaspersky (UDS:), Microsoft (Trojan:Win32/Sabsik.FL.B!ml), Full List Of Detections (VirusTotal)

Symptoms: Cannot open files stored on your computer; previously functional files now have a different extension (for example, my.docx.locked).
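The two file-system indicators this article names, the appended ".vvew" extension and the "_readme.txt" note, are enough to scope which directories were touched and to recover the original filenames for a restore-from-backup list. The script below is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import sys
import tempfile

EXT = ".vvew"          # extension Vvew appends, as described in the article
NOTE = "_readme.txt"   # ransom note filename, as described in the article

def scan(root):
    """Return {directory: {"renamed": [(found, original)], "note": bool,
    "untouched": int}} for each directory showing at least one indicator."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        entry = {"renamed": [], "note": False, "untouched": 0}
        for name in sorted(files):
            lower = name.lower()
            if lower == NOTE:
                entry["note"] = True
            elif lower.endswith(EXT) and len(name) > len(EXT):
                # Strip only the appended suffix: "1.jpg.vvew" -> "1.jpg"
                entry["renamed"].append((name, name[:-len(EXT)]))
            else:
                entry["untouched"] += 1
        if entry["renamed"] or entry["note"]:
            report[dirpath] = entry
    return report

def make_sample(root):
    """Build a constructed tree of empty files for demonstration only."""
    layout = {
        "docs": ["1.jpg.vvew", "2.png.vvew", "3.exe.VVEW", NOTE],
        "clean": ["notes.txt", "report.docx"],
        "partial": ["a.pdf.vvew", "b.pdf"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for n in names:
            open(os.path.join(root, sub, n), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # Scan the path given on the command line, else the constructed sample.
        target = sys.argv[1] if len(sys.argv) > 1 else tmp
        if target == tmp:
            make_sample(tmp)
        for d, e in sorted(scan(target).items()):
            print(f"{d}: {len(e['renamed'])} renamed, "
                  f"note={e['note']}, untouched={e['untouched']}")
            for found, original in e["renamed"]:
                print(f"  {found} (was {original})")
```

The scan only reads directory listings, so it can be run against a mounted forensic image or a backup snapshot. A non-zero "untouched" count alongside renamed files suggests encryption was interrupted in that directory.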