The VSOP ransomware appears to be directly linked to another malware that also demands ransom after stealing data from its victims. Based on the similarities in their attack processes, researchers believe VSOP may be a variant of the Onyx ransomware that was spotted in May of this year.
VSOP ransomware has been multiplying victims, whether they are businesses or individuals. Its attacks begin with massive distribution of emails containing links or malicious software.
This way, the attackers manage to take advantage of a lack of attention from the user who opens the email. And without realizing it, he opens a breach in your system.
Once in the system, the attacker releases VSOP ransomware that can scan the environment and detect the most valuable data for encryption. This data is then encrypted using AES and RSA algorithms.
Once encrypted, the original file name is changed and gains the extension “.PPLIT”. Files with this extension become inaccessible to the user.
A ransom note in .txt format is generated by the VSOP ransomware. According to this note, the only way for the victim to review their data would be to pay the cybercriminals a ransom in exchange for a decoder.
As a proof of trust, the attackers propose to restore a file of the victim’s choice. This practice is becoming increasingly common, however after the payment is made, the cybercriminals do not always actually send the promised decoder.
What is not said in that ransom note is that there are qualified professionals who specialize in ransomware-encrypted data recovery.
Recover files encrypted by VSOP ransomware
At Digital Recovery, these professionals are on hand to perform the recovery in the best way possible.
With over 23 years of experience in the data recovery industry, our team has had the opportunity to assist hundreds of companies following a ransomware attack.
Our team consists of professionals who specialise in the recovery of data encrypted by ransomware. Our solutions have been developed based on the General Data Protection Regulation (GDPR).
Most of the time we work remotely, which means we can take our solution to virtually any company in the world.
So decide not to fund future attacks and contact us to recover your data.