Vindows Locker is the name of a new ransomware cryptovirus. Malware researcher Jakub Kroustek discovered the virus. The ransom it demands for decrypting your files is 350 US dollars. The malware encrypts your files and appends the extension .vindows to each of them. To see how to remove this ransomware and how you can try to restore your files, read the article carefully to the end.
|Short Description||The ransomware will encrypt your files and then display a ransom note with instructions for payment.|
|Symptoms||The ransomware will encrypt your files and append the extension .vindows to every one of them.|
|Distribution Method||Spam Emails, Email Attachments|
Vindows Locker Virus – Spread
Vindows Locker ransomware can spread its infection through multiple methods. One of the most efficient is sending the payload as an .exe file. That executable delivers the ransomware, so when it is run, the malicious code inside infects your computer. An analysis of the executable containing the payload is available on the VirusTotal website.
Vindows Locker ransomware might also be spreading its payload via social media and file-sharing platforms. The malicious code could be disguised as the setup of applications that are advertised as legitimate and useful. Refrain from opening files from suspicious sources such as links and emails. You should always scan files you download with a security tool and check their size and signature for anything that seems out of place. You should also read the tips about ransomware prevention in the corresponding forum topic.
Vindows Locker Virus – Details
Vindows Locker looks like a tech support scam and is one. But more than that – it is also ransomware and a cryptovirus. The malware researcher Jakub Kroustek found it in the wild.
After Vindows Locker encrypts your files, it appends .vindows as a secondary extension to every locked file. The ransomware may create entries in the Windows Registry to achieve a greater level of persistence. Such registry entries make the virus start automatically with each boot of the Windows operating system.
After your files get encrypted, a screen with the ransom message appears, containing instructions for payment and the cybercriminals' demands for unlocking your files.
The ransom note reads the following:
this is not Microsoft vindows support
we have locked your files with the zeus wirus
do one thing and call level 5 microsoft support technician at
you will files back for a one time charge of $349.99
The ransom that this cryptovirus demands for the decryption of your files is 349.99 US dollars, which is nearly half a Bitcoin. The note lies to you, claiming that you are infected with the Zeus virus and that the phone number you are given reaches a Microsoft employee. You should NOT consider calling the crooks or paying the demanded ransom. Doing so may only result in the cybercriminals making more ransomware with the money. Besides, nobody can guarantee that all of your files will be restored if you pay that sum of money.
The Vindows Locker ransomware encrypts files and appends the .vindows extension to every one of them. The encryption algorithm it uses is not known, but according to some researchers, the code looks similar to that of the HiddenTear open-source project. The list of file extensions that this virus seeks to encrypt is incomplete, but you can see some of the extensions below:
→.doc, .docx, .jpg, .png, .ppt, .pptx, .txt, .xls, .xlsx
Extensions Source: @Jakub Kroustek
The Vindows Locker cryptovirus is quite likely to erase the Shadow Volume Copies from the Windows operating system by using the command given below:
→vssadmin.exe delete shadows /all /Quiet
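The two host-level signs described above (the shadow-copy deletion command and files that gain .vindows as a secondary extension) can be checked in endpoint telemetry. The following is an added example, not code from the original article: the event format, host names and function names are assumptions, and the sample events are constructed.

```python
from pathlib import PureWindowsPath

def is_shadow_delete(cmdline):
    """True if the command line runs vssadmin with 'delete shadows'."""
    # Normalise case and quoting so path-qualified or wrapped calls still match.
    tokens = [t.strip("\"'").lower() for t in cmdline.split()]
    for i, tok in enumerate(tokens):
        if PureWindowsPath(tok).name in ("vssadmin", "vssadmin.exe"):
            rest = tokens[i + 1:]
            return "delete" in rest and "shadows" in rest
    return False

def original_name(path):
    """Return the pre-encryption file name if .vindows is a secondary extension."""
    p = PureWindowsPath(path)
    if p.suffix.lower() == ".vindows" and PureWindowsPath(p.stem).suffix:
        return p.stem
    return None

# Constructed sample events (not real telemetry): process creations and file writes.
SAMPLE_EVENTS = [
    {"host": "ws-01", "kind": "process",
     "data": r'"C:\Windows\System32\vssadmin.exe"  Delete Shadows /All /Quiet'},
    {"host": "ws-01", "kind": "file", "data": r"C:\Users\a\Documents\budget.xlsx.vindows"},
    {"host": "ws-01", "kind": "file", "data": r"C:\Users\a\Pictures\cat.jpg.vindows"},
    {"host": "ws-02", "kind": "process", "data": "vssadmin list shadows"},
    {"host": "ws-02", "kind": "file", "data": r"C:\Users\b\notes.txt"},
]

def triage(events):
    """Per host: was shadow-copy deletion seen, and which files were renamed."""
    report = {}
    for ev in events:
        host = report.setdefault(ev["host"], {"shadow_delete": False, "encrypted": []})
        if ev["kind"] == "process" and is_shadow_delete(ev["data"]):
            host["shadow_delete"] = True
        elif ev["kind"] == "file":
            name = original_name(ev["data"])
            if name:
                host["encrypted"].append(name)
    return report

if __name__ == "__main__":
    for host, findings in triage(SAMPLE_EVENTS).items():
        print(host, findings)
```

A host that shows both signals at once, such as ws-01 in the sample, should be isolated first, since its shadow copies can no longer be relied on for recovery.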
Read further to find out what types of methods you can try to restore at least a part of your data.
Remove Vindows Locker Virus and Restore .vindows Files
If your computer got infected with the Vindows Locker ransomware virus, you should have some experience in removing malware. You should get rid of this ransomware as fast as possible, before it has the chance to spread further and infect more computers. You should remove the ransomware by following the step-by-step guide given below. To see ways that you can try to recover your data, see the step titled 2. Restore files encrypted by Vindows Locker.