Vatq Ransomware Seeks Files to Encrypt Causing System Damage

While examining new malware samples, our team identified the Vatq ransomware, which belongs to the Djvu ransomware family. Once a computer is infected, Vatq encrypts files and renames them by appending the extension ".vatq". For instance, "1.jpg" becomes "1.jpg.vatq", and "2.png" becomes "2.png.vatq".

Furthermore, Vatq creates a ransom note in the form of a text file named "_readme.txt". It is highly probable that the threat actors distribute Vatq in conjunction with malware designed to steal information. The content of the ransom note, found in "_readme.txt", informs victims that file decryption is impossible without a specific decryption software and a unique key. To acquire further instructions for data decryption, victims are instructed to contact the attackers via the provided email addresses: support@freshmail.top or datarestorehelp@airmail.cc.

The note also emphasizes two payment options: $980 and $490. It suggests that victims can obtain decryption tools at a discounted price if they reach out to the cybercriminals within a 72-hour window.
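
A triage sketch for the indicators described above, added here as an example and not taken from the original article or any vendor tool: it walks a directory tree, lists files renamed with ".vatq", and counts a "_readme.txt" as a ransom note only when it contains one of the two contact addresses. The function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Indicators as stated in the article.
ENCRYPTED_EXT = ".vatq"
NOTE_NAME = "_readme.txt"
CONTACTS = ("support@freshmail.top", "datarestorehelp@airmail.cc")

def note_matches(path, max_bytes=65536):
    """True if the file mentions one of the contact addresses from the note."""
    try:
        with open(path, "rb") as fh:
            text = fh.read(max_bytes).decode("utf-8", errors="replace").lower()
    except OSError:
        return False  # unreadable file: treat as no match and keep scanning
    return any(addr in text for addr in CONTACTS)

def scan(root):
    """Map each affected directory to original file names and a verdict."""
    report = defaultdict(lambda: {"encrypted": [], "note_hit": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                report[dirpath]["encrypted"].append(name[:-len(ENCRYPTED_EXT)])
            elif lower == NOTE_NAME and note_matches(os.path.join(dirpath, name)):
                report[dirpath]["note_hit"] = True
    for entry in report.values():
        entry["verdict"] = "confirmed" if entry["encrypted"] and entry["note_hit"] else "suspect"
    return dict(report)

def build_sample(root):
    """Constructed sample tree (assumption): one affected and one clean folder."""
    hit, clean = os.path.join(root, "Pictures"), os.path.join(root, "Clean")
    for d in (hit, clean):
        os.makedirs(d)
    for name in ("1.jpg.vatq", "2.png.vatq"):
        open(os.path.join(hit, name), "wb").close()
    with open(os.path.join(hit, NOTE_NAME), "w") as fh:
        fh.write("ATTENTION!\nwrite on our e-mail:\nsupport@freshmail.top\n")
    with open(os.path.join(clean, NOTE_NAME), "w") as fh:
        fh.write("Build instructions for this project.\n")  # benign name collision
    return hit, clean

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for folder, entry in scan(tmp).items():
            print(entry["verdict"], folder, sorted(entry["encrypted"]))
```

A folder is reported as "confirmed" only when both indicators are present; a benign file that merely shares the name "_readme.txt" is ignored.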

Vatq Ransom Note Raises Ransom Demands After Three Days

The full text of the Vatq ransom note reads as follows:

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-tnzomMj6HU
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
support@freshmail.top

Reserve e-mail address to contact us:
datarestorehelp@airmail.cc

Your personal ID:

How Can Ransomware Like Vatq Infect Your Computer?

Ransomware like Vatq can infect your computer through various methods, often exploiting vulnerabilities or utilizing social engineering techniques. Here are some common ways ransomware can infect a computer:

  • Malicious Email Attachments: One prevalent method is through phishing emails that contain infected attachments, such as Word documents, PDFs, or ZIP files. These attachments may appear innocent or urgent, tricking users into opening them, thereby executing the ransomware.
  • Infected Websites and Malvertisements: Visiting compromised websites or clicking on malicious advertisements (malvertisements) can lead to a ransomware infection. Cybercriminals inject malicious code into legitimate websites or use ad networks to distribute infected ads that, when clicked, initiate the download and execution of ransomware.
  • Exploit Kits: Ransomware can exploit vulnerabilities in software or operating systems. Exploit kits are toolkits used by cybercriminals to automate the process of identifying and exploiting security weaknesses in outdated or unpatched software. Once the system is compromised, ransomware can be deployed.
  • Remote Desktop Protocol (RDP) Attacks: Cybercriminals target computers with poorly configured Remote Desktop Protocol (RDP) connections. They try to gain unauthorized access by guessing weak passwords or exploiting vulnerabilities in the RDP software, eventually deploying ransomware on the compromised system.
  • Malicious Downloads and Software: Illegitimate or cracked software, torrents, or pirated content downloaded from untrustworthy sources may contain hidden ransomware. Users unknowingly install the malware while attempting to acquire or run such unauthorized content.
May 26, 2023