¿Qué es el virus Veza??
The Veza virus is like a bad magic spell that locks up files on computers so you can’t use them. It changes the names of files by adding “.veza” at the end, which means you can’t open them without a special key.
When Veza gets into a computer, it asks for money, paid in Bitcoin, to unlock the files. It leaves a note called “_readme.txt” on the desktop and in folders telling you how to pay the money. But even if you pay, there’s no promise your files will be unlocked.
The virus uses a tricky lock called the Salsa20 encryption algorithm that makes it very hard to open the files without the bad guy’s help. But if the Veza virus couldn’t talk to its home base before it locked the files, it uses a simpler lock that might be easier to open.
Abajo, an image shows what the locked files look like, marked by the “.veza” extension:
Encrypted Files by Veza Ransomware
| Nombre | Veza Virus |
| Familia 1 | STOP/Djvu Ransomware |
| Extension | .veza |
| Ransomware note | _readme.txt |
| Ransom | From $499 a $999 (in Bitcoins) |
| Contact | support@freshingmail.top, datarestorehelpyou@airmail.cc |
| Symptoms |
|
| Recovery | Start recovery with a comprehensive antivirus scan. Although not all files may be recoverable, our guide outlines several potential methods to regain access to encrypted files. |
Veza Virus Overview
When the Veza virus gets onto a computer, it starts doing a lot of sneaky things. First, it pretends to be a Windows update with a fake message from a program called winupdate.exe to trick the computer user into thinking everything is normal.
At the same time, it runs another secret program that starts looking for important files on the computer to lock them up. It also uses a special command:
vssadmin.exe Delete Shadows /All /QuietThis command stops the computer from being able to go back to how it was before the virus, which means you can’t easily fix what the virus changes.
The virus also messes with a list on the computer that helps it find websites. It changes this list so some websites don’t work anymore, especially sites that could help fix the computer or give advice about the virus. It does this by making the computer think these websites are just on your computer and nowhere else, which isn’t true.
The virus also leaves behind two text files on the computer that have secret codes related to the attack – these are called bowsakkdestx.txt and PersonalID.txt.
But that’s not all. This virus can also sneak in another bad program called Vidar, which can steal passwords and other private stuff from the computer. Here’s what Vidar can do:
- Put other bad programs on the computer.
- Steal passwords from programs like Steam, Telegram, and Skype.
- Look at and change files without you knowing.
- Steal digital money wallets.
- Let hackers control the computer from far away.
- Take private info like the websites you visit and your saved passwords.
The Veza virus uses a super tough lock called Salsa20 to keep files locked up. If it locks your files with a special key only it knows, it’s really hard to unlock them again. Each key is different for everyone, making it nearly impossible to guess.
If you want to get the key to unlock your files, the hackers ask for $999. They tell you to email them at (support@fishmail.top) to find out how to pay them.
Ransom Note: _readme.txt
How To Remove?
Remove Veza Virus with Gridinsoft Anti-Malware
También hemos estado utilizando este software en nuestros sistemas desde entonces., y siempre ha tenido éxito en la detección de virus.. It has blocked the most common Ransomware as mostrado en nuestras pruebas con el software, and we assure you that it can remove Veza Virus as well as other malware hiding on your computer.
Para utilizar Gridinsoft para eliminar amenazas maliciosas, sigue los pasos a continuación:
1. Comience descargando Gridinsoft Anti-Malware, accesible a través del botón azul a continuación o directamente desde el sitio web oficial gridinsoft.com.
2.Una vez que el archivo de instalación de Gridinsoft (setup-gridinsoft-fix.exe) se descarga, ejecutarlo haciendo clic en el archivo. Follow the installation setup wizard's instructions diligently.
3. Acceder al "Pestaña Escanear" on the application's start screen and launch a comprehensive "Análisis completo" para examinar toda su computadora. Este escaneo inclusivo abarca la memoria., elementos de inicio, el registro, servicios, conductores, y todos los archivos, asegurando que detecta malware oculto en todas las ubicaciones posibles.
Ser paciente, as the scan duration depends on the number of files and your computer's hardware capabilities. Utilice este tiempo para relajarse o atender otras tareas..
4. Al finalizar, Anti-Malware presentará un informe detallado que contiene todos los elementos maliciosos y amenazas detectados en su PC.
5. Seleccione todos los elementos identificados del informe y haga clic con confianza en el "Limpio ahora" botón. Esta acción eliminará de forma segura los archivos maliciosos de su computadora., transfiriéndolos a la zona de cuarentena segura del programa antimalware para evitar futuras acciones dañinas.
6. Si se le solicita, reinicie su computadora para finalizar el procedimiento de escaneo completo del sistema. Este paso es crucial para garantizar la eliminación completa de cualquier amenaza restante.. Después del reinicio, Gridinsoft Anti-Malware se abrirá y mostrará un mensaje confirmando la finalización del escaneo.
Recuerde Gridinsoft ofrece una prueba gratuita de 6 días. Esto significa que puede aprovechar el período de prueba sin costo alguno para experimentar todos los beneficios del software y prevenir futuras infecciones de malware en su sistema.. Embrace this opportunity to fortify your computer's security without any financial commitment.
Video Guide
How To Decrypt .veza Files?
First, try deleting the “.veza” extension from a few big files and then opening them. This malware struggles with the encryption of large files. The virus either failed to lock the file upon access or encountered a bug and omitted adding the file marker. If your files exceed 2GB in size, the latter scenario is more probable.
Criminals released the newest extensions around the end of August 2019 after making several changes.
The changes by the criminals rendered STOPDecrypter unsupported, leading to its replacement with the Emsisoft Decryptor for STOP Djvu Ransomware developed by Emsisoft.
- Download and Run the Decryption Tool: Download decryption tool. Ensure you run the decryption utility as an administrator and agree to the license terms that appear by clicking the “Sí” botón. Upon accepting the license terms.
- Select Folders for Decryption: The decryptor, by default, automatically selects directories on connected and network drives for decryption. Use the “Add” button to select additional locations. Depending on the malware family, decryptors offer various options, which you can toggle on or off in the Options tab. Abajo, you will find a detailed list of the currently active options.
- Initiate Decryption by Clicking on the “Decrypt” Button. After adding all desired locations to the list, click the “Decrypt” button to start the decryption process. The decryptor will inform you upon completing the decryption process. If needed for documentation, you can save the report by clicking the “Save log” botón. It’s also possible to copy the report to your clipboard for pasting into emails or messages.
How to Restore .veza Files?
In some case, ransomware fails to encrypt your files…
The Veza ransomware encryption process involves encrypting each file byte-by-byte, creating a duplicate, and then deleting (not overwriting) the original file. This deletion means the physical disk no longer lists the file in its system, although the original file remains on the drive. The sector that held the file might still contain it, but since the system does not list it, new data can overwrite it. Sin embargo, special software can recover your files.
Realizing it was an online algorithm, I knew recovering my encrypted files was impossible. My backup drive, connected during the infection, seemed infected as well. Every folder on my backup drive appeared encrypted. Despite this, I managed to recover nearly 80% of my 2TB storage.
Examining the folders, I found ransom notes in each. Opening some revealed that only files not in subfolders were encrypted. Delving into subfolders on other folders, I discovered unencrypted files. Unlike my C and D drives where every folder, including subfolders, was encrypted, my backup drive’s subfolders saved 80% of my data.
I consider finding this loophole on my backup drive fortunate. Además, I recovered another 10% of my data from a hard drive on a different PC. Thus, my advice for using a backup drive is to create subfolders. It was partly luck, but also misfortune that the virus struck during file transfers from my backup.
I hope this experience can assist others in similar predicaments.
Jamie Newland
CLUF | política de privacidad | 10% Cupón de descuento
Recover Your Files with PhotoRec
PhotoRec, designed for file recovery from damaged disks or accidental deletion, now supports restoring 400 file types, making it useful after a Veza attack.
First, download PhotoRec. It’s free, but the developer offers no guarantee for file restoration. PhotoRec comes packaged with TestDisk, another tool from the same developer, under the TestDisk name. Sin embargo, PhotoRec is included within the archive.
To start PhotoRec, open the “qphotorec_win.exe” file. No installation is necessary as the program contains all required files, allowing it to run from a USB drive.
Deja un comentario