
Remove Vipasana and Restore the Encrypted Files

Vipasana ransomware has been reported to encrypt mainline servers as well as PCs on a global scale. The name of the crypto-malware has nothing to do with the actual “Vipassana”, which translates to a type of meditation. The ransom message of this malware is in Russian. The malware creates malicious files on the user's PC, then scans for and encrypts user data with a strong cipher. All users who have been affected by it are strongly advised to be very cautious when it comes to this cyber-threat.

Name: Vipasana
Type: Ransomware
Short Description: Encrypts key user files leaving them unable to be opened.
Symptoms: The user may witness the ransom message set as a wallpaper on the Desktop of the affected PC.
Distribution Method: Via malicious URLs or malicious attachments.
Detection Tool: Download Malware Removal Tool, to See If Your System Has Been Affected by Vipasana
User Experience: Join our forum to discuss Vipasana.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

How is Vipasana Ransomware Spread

This malware may be spread via many different methods. The primary method of spreading ransomware is via exploit kits featured in malicious web links sent by e-mail.

In addition, the malware may spread over local networks and infect the computers on those networks via spam bots. It may also spread through online chats and social media, via malicious URLs. Either way, users are strongly advised to take caution when opening web links and always to do so through a secure browser, a virtual drive or a sandbox application.

What Does Vipasana Ransomware Do?

Once it has been activated on your computer, Vipasana displays a ransom message in Russian. The message is the following:

[Image: Vipasana ransom message. Source: Blaze’s Security Blog]

The translation of the message goes as follows:

→ “Your files have been encrypted. If you want to get them back, send 1 encrypted file to this mail:
[email protected]
ATTENTION! You have one week to write me an email regarding this situation. After this deadline, the decryption of the files will be impossible.”

Besides the primary e-mail address, another one has also been reported to be used by hackers – [email protected]. This is particularly creative, because the creators of Vipasana want to establish contact with their victims before giving any other instructions, instead of directly telling them what to do. What is good for the user is that they are given a 1-week deadline, which is more than enough if there is a decryption method. However, it is not yet clear what encryption algorithm is being used by this ransomware. It is believed that the cipher may be RSA or AES, or possibly both of them combined.

After this ransomware has placed its files on your computer, it begins to scan for files with the following extensions, according to Blaze’s Security Blog:

→ .r3d, .rwl, .rx2, .p12, .sbs, .sldasm, .wps, .sldprt, .odc, .odb, .old, .nbd, .nx1, .nrw, .orf, .ppt, .mov, .mpeg, .csv, .mdb, .cer, .arj, .ods, .mkv, .avi, .odt, .pdf, .docx, .gzip, .m2v, .cpt, .raw, .cdr, .cdx, .1cd, .3gp, .7z, .rar, .db3, .zip, .xlsx, .xls, .rtf, .doc, .jpeg, .jpg, .psd, .zip, .ert, .bak, .xml, .cf, .mdf, .fil, .spr, .accdb, .abf, .a3d, .asm, .fbx, .fbw, .fbk, .fdb, .fbf, .max, .m3d, .dbf, .ldf, .keystore, .iv2i, .gbk, .gho, .sn1, .sna, .spf, .sr2, .srf, .srw, .tis, .tbl, .x3f, .ods, .pef, .pptm, .txt, .pst, .ptx, .pz3, .mp3, .odp, .qic, .wps

Source: Blaze’s Security Blog

The encrypted files are given random file extensions and are renamed as the following example shows:

→ New Text [email protected] 1.2.0.id-{random ID}-{date and time of encryption}.{random three letter file extension}
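For scoping which folders were hit, the renaming scheme above can be matched mechanically. The following is an added example, not code from the original article or from Blaze’s Security Blog; the regular expression assumes the ID contains no hyphen and that the final extension is three letters, since the page does not specify the ID or timestamp formats, and the sample file names are constructed placeholders.

```python
import os
import re
from collections import Counter

# Renaming scheme as described on this page:
#   <original name + contact e-mail> 1.2.0.id-<ID>-<date and time>.<3 letters>
# Assumption: the ID contains no "-" and the final extension is three letters;
# the page does not specify the ID or timestamp formats.
VIPASANA_NAME = re.compile(
    r"^(?P<prefix>.*\S+@\S+) 1\.2\.0\.id-(?P<victim_id>[^-]+)-"
    r"(?P<stamp>.+)\.(?P<ext>[A-Za-z]{3})$"
)

def parse_name(filename):
    """Return the scheme's fields for a renamed file, or None if no match."""
    m = VIPASANA_NAME.match(filename)
    return m.groupdict() if m else None

def scan(root):
    """Walk root; return (hits, per-directory counts, set of victim IDs)."""
    hits, per_dir, ids = [], Counter(), set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            fields = parse_name(name)
            if fields is None:
                continue
            hits.append(os.path.join(dirpath, name))
            per_dir[dirpath] += 1
            ids.add(fields["victim_id"])
    return hits, per_dir, ids

# Constructed sample names (placeholder address, ID and timestamp).
SAMPLES = [
    "New Text Document.txt.contact@example.invalid 1.2.0.id-ABCDEFGH-2016-02-01 10.20.30.qwe",
    "report.docx",                      # untouched file
    "notes 1.2.0.id-ABCDEFGH-x.qwe",    # no e-mail token: not the scheme
]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        hits, per_dir, ids = scan(sys.argv[1])
        print(f"{len(hits)} renamed files, victim IDs: {sorted(ids)}")
        for d, n in per_dir.most_common():
            print(f"{n:6d}  {d}")
    else:
        for s in SAMPLES:
            print(bool(parse_name(s)), s)
```

Run it with a directory path as the only argument to list the affected folders by file count; the scan only reads file names and does not open or modify any file.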

After it scans for the files, the ransomware encrypts them, rendering them unusable until they are decrypted. Users are strongly advised not to trust any cyber-crook utilizing this ransomware, and to focus on removing this malicious threat from their device and seeking alternative methods to restore their data, instead of paying ransom money to the cyber-criminals.

Remove Vipasana Ransomware from Your Computer and Try to Restore Your Data

To remove this malware from your device, we strongly advise you to follow the removal steps below in the order given. They will make sure the cyber-threat is gone from your computer without having to reinstall Windows.

Regarding file restoration, we strongly advise you not to pay the ransom money because:

  • You fund the cyber-criminals.
  • Your files may not be decrypted after all.

Instead, you may want to follow our security blog for any updates on the decryption and meanwhile try some or all of the general file recovery methods from step “4” in the instructions below.

1. Boot Your PC In Safe Mode to isolate and remove Vipasana
2. Remove Vipasana with SpyHunter Anti-Malware Tool
3. Back up your data to secure it against infections and file encryption by Vipasana in the future
4. Restore files encrypted by Vipasana
Optional: Using Alternative Anti-Malware Tools
NOTE! Important notice about the Vipasana threat: Manual removal of Vipasana requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
