April 2, 2019 (updated 12 Apr 2019 4:13pm)

Meet vxCrypter: the bizarre ransomware that tidies up victims’ files as it encrypts

By Lucy Ingham

An unorthodox new ransomware known as vxCrypter has been discovered that not only encrypts and holds a user’s files to ransom, but also tidies up their file system in the process.

While vxCrypter, which was first discovered by Lawrence Abrams, poses the typical threat to users by forcing them to pay a ransom to regain access to their infected and therefore encrypted files, it also deletes duplicate files, tidying up their computer.

Researchers had initially thought this was an unintentional bug produced in the development of the ransomware, but it is now thought to be an intentional move designed not only to speed up the encryption process but also to increase the threat to users.

“Decryption can take time when it comes to large quantities of data,” explained Roy Rashti, a cybersecurity expert at BitDam.

“By encrypting solely unique files, the vxCrypter ransomware can speed up this process. In addition, the prospect of losing files that hold valuable information could intimidate the affected end user into paying the ransom.”

How users can protect against vxCrypter ransomware

For users, the advice is the same as for any ransomware: stay alert to unknown and potentially malicious files, and keep separate backups of anything valuable to avoid needing to pay a ransom.

“To prevent this from happening, users should stay alert and make sure they have proper security solutions in place,” said Rashti.

“Keeping a backup of any important files in a trusted location is also a good habit to get into.”

For organisations, however, it is important to remember that ransomware is constantly evolving, and so companies need to be alert to new methods rather than rely solely on approaches that have worked in the past.

“Ransomware is a major source of income for cybercriminals,” said Rashti.

“This means they are constantly innovating and investing in new attack methods to overcome target organisations’ security solutions. Rather than reacting once an attack has taken place, organisations must always be on guard and be prepared for any possible scenario.”
