Vvoa ransomware is malware from the Djvu/STOP ransomware family. The gang behind this ransomware is notorious for releasing ransomware left and right, and this version can be identified by the .vvoa extension added to encrypted files. It also drops the typical _readme.txt ransom note.
Vvoa ransomware is file-encrypting malware that belongs to the Djvu/STOP ransomware family, which includes malware like Agho, Vpsh, Jdyi, and Iiss. Vvoa ransomware is a dangerous malware infection because it encrypts files, and decrypting them is not possible unless users obtain the special decryption tool. But to obtain the decryptor, users would need to pay the ransom of $980 (or $490 if contact is made within 72 hours). However, when it comes to ransomware, paying the ransom is not recommended as it does not ensure that a decryptor would be sent to victims. Users should keep in mind that they are dealing with cyber criminals who will likely not feel obligated to send the decryptor. There is always a possibility that this could happen, and it has happened many times in the past with different ransomware. Thus, paying the ransom is never encouraged.
It must be mentioned that malware researchers do release free decryption tools to help users recover files. But while a free decryptor for many Djvu/STOP ransomware versions has been released by Emsisoft, it does not work on newer versions such as Vvoa because they use online keys to encrypt files. That means that the key is unique to each victim, and a decryptor cannot be made without knowing those keys. But there is still a possibility that a decryptor will become available eventually: the gang themselves may release the keys, or they may get caught by law enforcement. So users should back up the encrypted files and occasionally check NoMoreRansom for a decryptor. However, users should also be aware that there are many fake decryptors advertised on various highly questionable forums, and downloading them could result in an additional malware infection.
This, unfortunately, means that backup is currently the only way to recover files for free. If users have backup copies of their files, file recovery should not be an issue for them. All they need to do is remove Vvoa ransomware from the computer and they can then access their backup. It goes without saying that if the ransomware still remains when backup is accessed, those backed up files may become encrypted as well.
How does ransomware enter a computer?
Ransomware doesn’t just enter a computer out of the blue; there is always a trigger that allows it to enter. That trigger is usually users opening malicious email attachments, downloading torrents or interacting with high-risk websites. By simply developing better browsing habits, users should be able to avoid infecting their computers with the majority of malware.
One of the most common ways users infect their computers with ransomware and other kinds of malware is by pirating copyrighted content via torrents. It’s not without reason that users are always warned that pirating is dangerous for the computer. There is a lot of malware on torrent sites because they are unregulated, which allows cyber crooks to easily upload their malware disguised as a movie or an episode of a TV series. It’s particularly common to find malware in torrents for content that’s particularly popular at the time. For example, when Breaking Bad was airing, loads of torrents for episodes contained malware.
Another common way to pick up ransomware is by carelessly opening unsolicited email attachments. Malicious actors often launch malspam email campaigns that come with malware included in the attachment, and if users open it, they’ll end up infecting their computers with said malware. In the majority of cases, those emails will very obviously be spam as they contain loads of grammar and spelling mistakes, are sent from seemingly random email addresses, and strongly pressure users into opening the email attachments. But since some attempts to infect a computer may not be as obvious, it’s highly recommended to scan all unsolicited email attachments with anti-virus software or VirusTotal before opening them.
Are Vvoa ransomware encrypted files recoverable?
While the ransomware is encrypting files, it will show a fake Windows Update window to distract users from what’s happening. Once the encryption process is complete, users will notice that all affected files will have .vvoa added to them. For example, image.jpg would become image.jpg.vvoa. All files with that extension will be unopenable, unless users first decrypt the files. A ransom note _readme.txt dropped in all folders containing encrypted files will demand that users pay a ransom in order to receive the decryptor. The price is $980, or $490 if victims contact the cyber crooks within 72 hours. Users are also informed that they can decrypt one file for free, if it does not contain any important information.
Whatever price victims are asked to pay, it’s not recommended to do so. As we said above, there is nothing to guarantee that a decryptor would actually be sent to those who pay the ransom, as the cyber crooks behind this ransomware aren’t obligated to send it. Furthermore, the money would only support future criminal activity, encouraging these cyber crooks to continue.
Here is the ransom note dropped by this ransomware:
Don’t worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail:
Reserve e-mail address to contact us:
Your personal ID:
The only users who can recover files at the moment are those who have a backup. Once users delete Vvoa ransomware from their computers, they can safely access their backup.
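To scope recovery before restoring anything, the script below is an added example (not part of the original article) that inventories files carrying the .vvoa extension, lists the folders holding a _readme.txt note, and checks which originals exist in a backup. The function names and the sample directory layout are assumptions made for illustration; it assumes the ransomware has already been removed and the backup is mounted read-only.

```python
from pathlib import Path
import tempfile

ENCRYPTED_EXT = ".vvoa"      # extension named in the article
RANSOM_NOTE = "_readme.txt"  # ransom note file name named in the article

def find_encrypted(root):
    """Relative POSIX-style paths of files under root that end in .vvoa."""
    root = Path(root)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*")
                  if p.is_file() and p.name.lower().endswith(ENCRYPTED_EXT))

def inventory(infected_root, backup_root):
    """Classify each encrypted file by whether the backup holds its original."""
    infected_root, backup_root = Path(infected_root), Path(backup_root)
    report = {
        "restorable": [], "no_backup": [],
        # Folders holding a ransom note: where the article says encryption ran
        "note_dirs": sorted(p.parent.relative_to(infected_root).as_posix()
                            for p in infected_root.rglob(RANSOM_NOTE)),
        # Any hit here means the backup was reachable while the malware ran
        "backup_encrypted": find_encrypted(backup_root),
    }
    for rel in find_encrypted(infected_root):
        original = rel[: -len(ENCRYPTED_EXT)]   # image.jpg.vvoa -> image.jpg
        key = "restorable" if (backup_root / original).is_file() else "no_backup"
        report[key].append(original)
    return report

def build_sample(base):
    """Constructed sample trees (no real data): infected disk, partial backup."""
    layout = {
        "infected/docs/report.docx.vvoa": b"x",
        "infected/docs/_readme.txt": b"note",
        "infected/pics/image.jpg.vvoa": b"x",
        "infected/pics/_readme.txt": b"note",
        "backup/docs/report.docx": b"original",
        "backup/pics/old.png.vvoa": b"x",
    }
    for rel, data in layout.items():
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return Path(base) / "infected", Path(base) / "backup"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(inventory(*build_sample(tmp)))
```

A non-empty `backup_encrypted` list means the backup was connected while the ransomware was active, so it should not be treated as a clean restore source.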
Vvoa ransomware removal
Using anti-virus software to remove Vvoa ransomware is necessary, as it’s a serious malware infection that users shouldn’t try to get rid of manually, unless they’re planning on reinstalling Windows. Unfortunately, files will not become decrypted just because the ransomware has been deleted.
Vvoa ransomware is detected as:
- Win32:DropperX-gen [Drp] by Avast/AVG
- Trojan.GenericKDZ.71381 by BitDefender
- Trojan.GenericKDZ.71381 (B) by Emsisoft
- HEUR:Trojan-PSW.Win32.Tepfer.gen by Kaspersky
- Trj/GdSda.A by Panda
- GenericRXMP-YU!B5B59A341923 by McAfee
- Trojan.MalPack.GS by Malwarebytes
- Trojan:Win32/EmotetCrypt!ml by Microsoft
- ML.Attribute.HighConfidence by Symantec