Velso is a relatively new type of ransomware first reported in January 2018. The virus spreads mainly through spam emails which contain documents with malicious macros. When activated, the macros drop and execute the ransomware on the victim machines. The ransomware uses strong encryption (AES 256 and RSA 1024) to conceal the content of many types of files, so once infected, files cannot be decrypted without the proper keys. It also compromises the shadow copies as well, so the information cannot be restored by running disk level file recovery tools. Currently, there are no decryption tools available for this variant.
Once executed, the ransomware will show a command line window which displays the public key created to encrypt the files on the victim machine. It also asks the user to press a key. If the user does so, the encryption process begins and most of the files(matching a list of over 120 file extensions) accessible from the local machine will be encrypted. When the encryption operation is complete, a ransom note will be shown. It will ask the user to pay a ransom equivalent to a few hundred dollars to recover the files.
TEMASOFT Ranstop detects this Velso ransomware soon after it starts encrypting files. Upon detection, alerts are fired off, actions are executed as configured (e.g., isolate the machine) and, at the same time, the malicious process is stopped and quarantined. All the encrypted files are automatically recovered to their original state, including the file name. Such an attack causes zero downtime to machines protected by TEMASOFT Ranstop.
Click here to watch TEMASOFT Ranstop in action (video)!
Learn how to protect against ransomware!
TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.
For more information, follow us on social media and subscribe to our newsletter.
This post was last modified on August 21, 2023 7:26 am
In the digital world, information is often stored and transferred through files. From the most…
Introduction Data security is more important than ever in today's fast-paced digital world. One critical…
Introduction: Cyber threats are a growing concern for businesses and individuals alike. With the increasing…
Microsoft Internet Information Services (IIS) is a popular web server that is widely used to…
File tracking is an important aspect of server administration, and it can help administrators detect…
File monitoring solutions are essential tools for administrators to manage and protect their organizations' data…