Ranstop anti-ransomware blocks Velso ransomware

Test subject – Velso ransomware

Velso is a relatively new type of ransomware first reported in January 2018. The virus spreads mainly through spam emails which contain documents with malicious macros. When activated, the macros drop and execute the ransomware on the victim machines. The ransomware uses strong encryption (AES 256 and RSA 1024) to conceal the content of many types of files, so once infected, files cannot be decrypted without the proper keys. It also compromises the shadow copies as well, so the information cannot be restored by running disk level file recovery tools. Currently, there are no decryption tools available for this variant.

Velso ransomware test facts

Once executed, the ransomware will show a command line window which displays the public key created to encrypt the files on the victim machine. It also asks the user to press a key. If the user does so, the encryption process begins and most of the files(matching a list of over 120 file extensions) accessible from the local machine will be encrypted. When the encryption operation is complete, a ransom note will be shown. It will ask the user to pay a ransom equivalent to a few hundred dollars to recover the files.

Velso ransomware test results

TEMASOFT Ranstop detects this Velso ransomware soon after it starts encrypting files. Upon detection, alerts are fired off, actions are executed as configured (e.g., isolate the machine) and, at the same time, the malicious process is stopped and quarantined. All the encrypted files are automatically recovered to their original state, including the file name. Such an attack causes zero downtime to machines protected by TEMASOFT Ranstop.


Click here to watch TEMASOFT Ranstop in action (video)!

Learn how to protect against ransomware!

About TEMASOFT Ranstop

TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.

For more information, follow us on social media and subscribe to our newsletter.