Bitcoin Ransomware Education — VMola
It is evident that cyber criminals will continue to explore the ransomware market for as long as they possibly can. VMola is one of the more recent strains of malicious software that asks its victims to make a Bitcoin payment. It does not appear to be one of the most sophisticated forms of malware, though. Then again, the developers may still make good money from this ransomware strain regardless.
It is good to know that not every type of ransomware will cause a lot of damage. The VMola strain does encrypt computer files and display a ransom message to its victims. However, it is not the biggest threat users will ever encounter, as the people responsible for this malicious tool have not put a lot of effort into creating it.
The VMola ransomware makes no bones about what it expects its victims to do. Once the tool infects a computer and encrypts all the files, it displays a very simple ransom message. There is no GUI associated with the message, nor are there links to click. Victims have to manually send 0.1 Bitcoin to the address provided in the note. They also have to copy this address themselves, as there is no payment button.
Although the Bitcoin ransom in question is quite small compared to other types of ransomware, victims should not pay it in the first place. Considering that all victims who pay will need to include their email address along with the transaction ID, there is no reason to think they will receive the decryption key. That is always one of the downsides of paying a ransom: there is no guarantee of getting the decryption key.
Luckily, it appears to be relatively easy to get rid of this ransomware without paying the Bitcoin demand. Users can restore data from a previous backup. Most ransomware developers delete the shadow volume copies on the infected device right away, yet this malicious tool makes no attempt to do so. That is another clear sign that this malicious tool is nothing more than an amateur attempt to make some quick money.
Given that VMola has no fancy coding under the hood either, it will only be a matter of time until a free decryption tool is created. For now, such a tool does not exist, although using a proper anti-malware tool should get rid of the infection. Moreover, security experts believe VMola has only one decryption key for all victims, which should make it a lot easier to crack the encryption.
As we have come to expect from ransomware these days, VMola is distributed through spam campaigns laden with malicious email attachments. This method of distribution has been quite successful over the past few months, and criminals have no reason to change a winning formula. Never open an email from a sender you don't know, and even if you do, make sure not to download the email attachment.
Alan Zibluk Markethive Founding Member