Our research indicates that there are at least three identical ransomware viruses currently infecting victims under different names. Ecovector and Vegclass ransomware “share” the same desktop wallpapers, and act in a very similar way. We also suspect that these two ransomware pieces are operated by the same individual(s) also spreading Green_Ray and the .xtbl extension ransomware. Encrypted files will have these extensions – .Vegclass(@)aol.com.xtbl, .{ecovector3(@)aol.com}.xtbl.
All of those crypto viruses set an email address type of extension ({.ecovector3(@)aol.com.xtbl, green_ray(@)aol.com.xtbl, etc.) and provide email addresses for contact that are quite alike. Continue reading to learn how to deal with those crypto threats.
Threat Summary
| Name | Ecovector (Vegclass) Ransomware |
| Type | Ransomware |
| Short Description | A new ransomware that has a lot in common with other “@india.com” crypto viruses. |
| Symptoms | Files become corrupted and the wallpaper is changed to instructions on how to pay the ransom money and decrypt your files. |
| Distribution Method | Spam email attachments, EKs, etc. |
| Detection Tool | See If Your System Has Been Affected by Ecovector (Vegclass) Ransomware Download Malware Removal Tool |
| User Experience | Join Our Forum to Discuss Ecovector (Vegclass) Ransomware. |
| Data Recovery Tool | Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive. |
Other ransomware viruses we suspect to be operated by the individual or group of individuals are:
Because of their suspected Indian origin, security researchers refer to these ransomware pieces as “@india.com viruses”.
Ecovector (Vegclass) Ransomware – Distribution Method
The most likely distribution methods that Ecovector (Vegclass) crypto virus may have employed to infect the victim’s system are:
- Malicious URLs posted as spam comments on forums or other social websites.
- Malicious URLs featured in spam emails appearing to be sent by a legitimate service.
However, the Ecovector (Vegclass) ransomware may be spread with the assistance of other malware. We have observed that the most often malware to download crypto-viruses are MSIL Trojans and exploit kits, such as the Angler EK. Since their executables are obfuscated by the so-called cryptors or obfuscating software, it is difficult for a conventional antivirus software to detect them. The distribution malware may either open a port, connect to a host and download the malicious .exe via the port or directly create an exploit for the attackers.
Ecovector (Vegclass) Ransomware – Technical Overview
The wallpaper and text file set by this crypto virus show a message explaining that the user’s files are now encrypted and that the victim should contact the provided email address. This encouragement should make the victim contact the cyber criminals, who are then supposed to send a private decryption key.
Ransomware such as Ecovector (Vegclass) use asymmetric algorithm which means that decryption is only possible via a private key only possessed by the ransomware operators. However, note that paying the ransom is never recommended since it supports the cyber criminal business and doesn’t guarantee that the affected files will be restored. There are numerous cases of victims who have sent payments, typically in Bitcoin, but couldn’t get their files back to their normal condition. Our advice is to seek alternative restoration methods, such as the ones provided in the manual below the article.
This is the text displayed on the ransomware desktop set by Ecovector (Vegclass) ransomware:
Attention!!! To restore information email technical support send 3 encrypted files Econvector3(@)aol.com or Eco_vector(@)india.com
As mentioned in the beginning, files encrypted by this crypto virus will be appended the following extensions:
- .Vegclass(@)aol.com.xtbl
- .{ecovector3(@)aol.com}.xtbl
Ecovector (Vegclass) Ransomware Removal Instructions
To rid your system of Ecovector (Vegclass) ransomware, we advise you to have a look at the instructions provided below the article. If you’re an experienced user and have dealt with similar infections below, you can follow the manual guide. However, to make sure that all files associated with Ecovector (Vegclass) are fully removed from the system, it’s best to use a specific anti-malware program.
