커넥션 바이러스 (.링크 파일) 랜섬웨어

이 페이지에서

Veza 바이러스 란 무엇입니까??

The Veza virus is like a bad magic spell that locks up files on computers so you can’t use them. It changes the names of files by adding “.veza” at the end, which means you can’t open them without a special key.

When Veza gets into a computer, it asks for money, paid in Bitcoin, to unlock the files. It leaves a note called “_readme.txt” on the desktop and in folders telling you how to pay the money. But even if you pay, there’s no promise your files will be unlocked.

The virus uses a tricky lock called the Salsa20 encryption algorithm that makes it very hard to open the files without the bad guy’s help. But if the Veza virus couldn’t talk to its home base before it locked the files, it uses a simpler lock that might be easier to open.

Below, an image shows what the locked files look like, marked by the “.veza” extension:

Encrypted Files by Veza Ransomware

이름	Veza Virus
Family ¹	STOP/Djvu Ransomware
Extension	.veza
Ransomware note	_readme.txt
Ransom	From $499 to $999 (in Bitcoins)
Contact	support@freshingmail.top, datarestorehelpyou@airmail.cc
Symptoms	Encrypts most of your files (photos, videos, documents) and adds a particular “.veza” extension; Deletes Volume Shadow copies to make attempts to restore data impossible for the victim; Adds a list of domains to the HOSTS file to block access to certain security-related sites; Installs a password-stealing Trojan on the system, like Vidar Stealer or RedLine Stealer; Manages to install a SmokeLoader backdoor;
Recovery	Start recovery with a comprehensive antivirus scan. Although not all files may be recoverable, our guide outlines several potential methods to regain access to encrypted files.

Veza Virus Overview

When the Veza virus gets onto a computer, it starts doing a lot of sneaky things. First, it pretends to be a Windows update with a fake message from a program called winupdate.exe to trick the computer user into thinking everything is normal.

At the same time, it runs another secret program that starts looking for important files on the computer to lock them up. It also uses a special command:

vssadmin.exe Delete Shadows /All /Quiet

This command stops the computer from being able to go back to how it was before the virus, which means you can’t easily fix what the virus changes.

The virus also messes with a list on the computer that helps it find websites. It changes this list so some websites don’t work anymore, especially sites that could help fix the computer or give advice about the virus. It does this by making the computer think these websites are just on your computer and nowhere else, which isn’t true.

The virus also leaves behind two text files on the computer that have secret codes related to the attack – these are called bowsakkdestx.txt and PersonalID.txt.

But that’s not all. This virus can also sneak in another bad program called Vidar, which can steal passwords and other private stuff from the computer. Here’s what Vidar can do:

Put other bad programs on the computer.
Steal passwords from programs like Steam, Telegram, and Skype.
Look at and change files without you knowing.
Steal digital money wallets.
Let hackers control the computer from far away.
Take private info like the websites you visit and your saved passwords.

The Veza virus uses a super tough lock called Salsa20 to keep files locked up. If it locks your files with a special key only it knows, it’s really hard to unlock them again. Each key is different for everyone, making it nearly impossible to guess.

If you want to get the key to unlock your files, the hackers ask for $999. They tell you to email them at (support@fishmail.top) to find out how to pay them.

Ransom Note: _readme.txt

How To Remove?

Remove Veza Virus with Gridinsoft Anti-Malware

우리는 또한이 소프트웨어 에서이 소프트웨어를 우리 시스템에서 사용하고 있습니다., 그리고 그것은 항상 바이러스를 감지하는 데 성공했습니다. It has blocked the most common Ransomware as 우리의 테스트에서 보여 주었다 소프트웨어와 함께, and we assure you that it can remove Veza Virus as well as other malware hiding on your computer.

악의적 인 위협을 제거하기 위해 Gridinsoft를 사용합니다, 아래 단계를 따르십시오:

1. Gridinsoft anti-malware를 다운로드하여 시작하십시오, 아래 또는 공식 웹 사이트에서 직접 파란색 버튼을 통해 액세스 할 수 있습니다. gridinsoft.com.

지금 다운로드하십시오

2.GridInsoft 설정 파일이되면 (Setup-gridinsoft-fix.exe) 다운로드됩니다, 파일을 클릭하여 실행하십시오. Follow the installation setup wizard's instructions diligently.

3. 액세스 "스캔 탭" on the application's start screen and launch a comprehensive "전체 스캔" 전체 컴퓨터를 검사합니다. 이 포괄적 인 스캔은 메모리를 포함합니다, 스타트 업 항목, 레지스트리, 서비스, 드라이버, 그리고 모든 파일, 가능한 모든 위치에 숨겨진 맬웨어를 감지하는지 확인.

인내하십시오, as the scan duration depends on the number of files and your computer's hardware capabilities. 이 시간을 사용하여 휴식을 취하거나 다른 작업에 참석하십시오..

4. 완료되면, 방지 방지는 PC에 감지 된 모든 악성 품목 및 위협이 포함 된 자세한 보고서를 제시합니다..

5. 보고서에서 식별 된 모든 항목을 선택하고 자신있게 "지금 청소" 단추. 이 작업은 컴퓨터에서 악의적 인 파일을 안전하게 제거합니다., 더 이상의 유해한 행동을 방지하기 위해 말장 방지 프로그램의 안전한 검역 구역으로 전송.

6. 프롬프트가있는 경우, 전체 시스템 스캔 절차를 마무리하려면 컴퓨터를 다시 시작하십시오.. 이 단계는 남은 위협을 철저히 제거하는 데 중요합니다.. 재시작 후, Gridinsoft anti-malware가 열리고 메시지를 표시합니다. 스캔 완료.

Gridinsoft는 6 일 무료 평가판을 제공합니다. 즉, 소프트웨어의 모든 이점을 경험하고 시스템의 향후 악성 코드 감염을 예방하기 위해 무료로 시험 기간을 이용할 수 있습니다.. Embrace this opportunity to fortify your computer's security without any financial commitment.

Video Guide

How To Decrypt .veza Files?

First, try deleting the “.veza” extension from a few big files and then opening them. This malware struggles with the encryption of large files. The virus either failed to lock the file upon access or encountered a bug and omitted adding the file marker. If your files exceed 2GB in size, the latter scenario is more probable.

Criminals released the newest extensions around the end of August 2019 after making several changes.

The changes by the criminals rendered STOPDecrypter unsupported, leading to its replacement with the Emsisoft Decryptor for STOP Djvu Ransomware developed by Emsisoft.

Download and Run the Decryption Tool: Download decryption tool. Ensure you run the decryption utility as an administrator and agree to the license terms that appear by clicking the “Yes” 단추. Upon accepting the license terms.
Select Folders for Decryption: The decryptor, by default, automatically selects directories on connected and network drives for decryption. Use the “Add” button to select additional locations. Depending on the malware family, decryptors offer various options, which you can toggle on or off in the Options tab. Below, you will find a detailed list of the currently active options.
Initiate Decryption by Clicking on the “Decrypt” Button. After adding all desired locations to the list, click the “Decrypt” button to start the decryption process. The decryptor will inform you upon completing the decryption process. If needed for documentation, you can save the report by clicking the “Save log” 단추. It’s also possible to copy the report to your clipboard for pasting into emails or messages.

How to Restore .veza Files?

In some case, ransomware fails to encrypt your files…

The Veza ransomware encryption process involves encrypting each file byte-by-byte, creating a duplicate, and then deleting (not overwriting) the original file. This deletion means the physical disk no longer lists the file in its system, although the original file remains on the drive. The sector that held the file might still contain it, but since the system does not list it, new data can overwrite it. However, special software can recover your files.

Solution 1Solution 2

This virus managed to bypass two antivirus programs and two malware fighters and infect my PC.

Realizing it was an online algorithm, I knew recovering my encrypted files was impossible. My backup drive, connected during the infection, seemed infected as well. Every folder on my backup drive appeared encrypted. Despite this, I managed to recover nearly 80% of my 2TB storage.

Examining the folders, I found ransom notes in each. Opening some revealed that only files not in subfolders were encrypted. Delving into subfolders on other folders, I discovered unencrypted files. Unlike my C and D drives where every folder, including subfolders, was encrypted, my backup drive’s subfolders saved 80% of my data.

I consider finding this loophole on my backup drive fortunate. 또한, I recovered another 10% of my data from a hard drive on a different PC. Thus, my advice for using a backup drive is to create subfolders. It was partly luck, but also misfortune that the virus struck during file transfers from my backup.

I hope this experience can assist others in similar predicaments.

Jamie Newland

Here are some tips for Veza file recovery and repair (applicable to all STOP/DJVU variants):

Check deeper nested folders since some Stop/Djvu variants fail to encrypt them, leaving them unencrypted.

Since this ransomware saves encrypted data to a new file and deletes the original, there’s a chance to recover parts of the deleted file using file recovery software. Although restoring the folder structure is unlikely, a tool like PhotoRec might work well.

The ransomware partially encrypts files (about the first 150 KB), making it possible to recover the non-encrypted portion depending on the file size and type.

Joep

브렌든 스미스

IT Security Expert

Try to use the GridinSoft Anti-Malware

Do not forget to share your experience in solving the problem. Please leave a comment here! This can help other victims to understand they are not alone. And together we will find ways to deal with this issue.

지금 다운로드하십시오

Gridinsoft anti-malware 6 일 시험 이용 가능.
에라 | 개인 정보 정책 | 10% 쿠폰 꺼짐

Recover Your Files with PhotoRec

PhotoRec, designed for file recovery from damaged disks or accidental deletion, now supports restoring 400 file types, making it useful after a Veza attack.

First, download PhotoRec. It’s free, but the developer offers no guarantee for file restoration. PhotoRec comes packaged with TestDisk, another tool from the same developer, under the TestDisk name. However, PhotoRec is included within the archive.

To start PhotoRec, open the “qphotorec_win.exe” file. No installation is necessary as the program contains all required files, allowing it to run from a USB drive.