VO_ Ransomware Virus (Removal Steps and Protection Updates)

The VO_ ransomware is a new iteration of the SQ_ ransomware, which has infected numerous computers since it first appeared. To learn more about the threat and remove existing infections, read our removal guide.


Name: VO_

File Extensions: VO_

Ransom: 4 Bitcoins

Solution #1: You can skip all steps and remove VO_ with the help of an anti-malware tool.

Solution #2: VO_ ransomware can be removed manually, though it can be very hard for most home users. See the detailed tutorial below.

Distribution: Spam email campaigns, malicious ads, etc.

VO_ Ransomware Description

The VO_ ransomware virus is a new strain of the older SQ_ ransomware, which was detected in July 2015. The newly identified samples encrypt user files of the targeted file types upon infection and append the .VO_ extension to the compromised files. The ciphers used are AES and RSA-1024, and the criminal operators of the threat extort a sum of 4 Bitcoins from the victims.

The ransomware note is written in two parts – the first one is in English and the second is in Korean.

Here is the English excerpt of the note:

Good morning. Your computer has been locked by ransomware, your personal files are encrypted and you have unfortunately “lost” all your pictures, files and documents on the computer. Your important files encryption produced on this computer: videos, photos, documents, etc.
Encryption was produced using unique public key RSA-1024 generated for this computer. To decrypt files you need to obtain the private key.
All encrypted files contains VO_
Your number: 338888409888891
To obtain the program for this computer, which will decrypt all files, you need to pay 4 bitcoins on our bitcoin address 1FWTrWjA6QKuzEbE7pYtXWH8GU2jhndar2 (today 1 bitcoin was 260 USA dollars). Only we and you know about this bitcoin address.
You can check bitcoin balanse here – https://www.blockchain.info/address/1FWTrWjA6QKuzEbE7pYtXWH8GU2jhndar2
After payment send us your number on our mail [email protected] and we will send you decryption tool (you need only run it and all files will be decrypted during 1…3 hours)
Before payment you can send us one small file (100..500 kilobytes) and we will decrypt it – it’s your garantee that we have decryption tool. And send us your number with attached file.
We dont know who are you. All what we need – it’s some money.
Don’t panic if we don’t answer you during 24 hours. It means that we didn’t received your letter (for example if you use hotmail.com or outlook.com it can block letter, SO DON’T USE HOTMAIL.COM AND OUTLOOK.COM. You need register your mail account in www.ruggedinbox.com (it will takes 1..2 minutes) and write us again)
You can use one of that bitcoin exchangers for transfering bitcoin.
https://www.korbit.co.kr
https://www.coinplug.com
https://ko-kr.facebook.com/coinplug
You dont need install bitcoin software – you need only use one of this exchangers or other exchanger that you can find in www.google.com for your country.
Please use english language in your letters. If you don’t speak english then use https://translate.google.com to translate your letter on english language.

VO_ Ransomware Distribution

The first malware samples of the VO_ ransomware were identified in the beginning of December 2016. The virus primarily targets victims located in English- and Korean-speaking countries; however, other places have been found to be targets as well.

The VO_ ransomware is primarily distributed via the typical malware distribution channels: spam email messages, browser hijackers, malicious ads, etc.

VO_ Ransomware Removal

For a faster solution, you can run a scan with an advanced malware removal tool and delete VO_ completely with a few mouse clicks.

STEP I: Start the PC in Safe Mode with Network
This will isolate all files and objects created by the ransomware so they will be removed efficiently.

    1) Hit WIN Key + R


    2) A Run window will appear. In it, write “msconfig” and then press Enter
    3) A Configuration box will appear. In it, choose the tab named “Boot”
    4) Mark “Safe Boot” option and then go to “Network” under it to tick it too
    5) Apply -> OK

Or check our video guide – “How to start PC in Safe Mode with Networking”

STEP II: Show Hidden Files

    1) Open My Computer/This PC
    2) Windows 7

      – Click on “Organize” button
      – Select “Folder and search options”
      – Select the “View” tab
      – Go under “Hidden files and folders” and mark “Show hidden files and folders” option

    3) Windows 8/10

      – Open “View” tab
      – Mark “Hidden items” option


    4) Click “Apply” and then “OK” button

STEP III: Enter Windows Task Manager and Stop Malicious Processes

    1) Hit the following key combination: CTRL+SHIFT+ESC
    2) Go to the “Processes” tab
    3) When you find a suspicious process, right-click on it and select “Open File Location”
    4) Go back to Task Manager and end the malicious process. Right-click on it again and choose “End Process”
    5) Next, go to the folder where the malicious file is located and delete it

STEP IV: Completely Remove VO_ Ransomware Using SpyHunter Anti-Malware Tool

Manual removal of VO_ requires being familiar with system files and registries. Removal of any important data can lead to permanent system damage. Prevent this troublesome effect – delete VO_ ransomware with SpyHunter malware removal tool.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

STEP V: Repair Windows Registry

    1) Press the Windows Button + R key combination again
    2) In the box, write “regedit” (without the inverted commas) and hit Enter
    3) Press CTRL+F and then write the malicious name in the search field to locate the malicious executable
    4) If you discover registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys
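
The guide does not name the malicious executable, so the following added example (not part of the original guide) supports STEP III and STEP V by listing candidates for manual review in PowerShell: running processes and Run/RunOnce autorun values whose path lies in a user-writable folder. The folder heuristic and the choice of keys are assumptions; the script only reads and never deletes.

```powershell
# Added example, not from the original guide. Read-only triage: lists, never deletes.
# Assumption: binaries started from these user-writable folders deserve a manual look.
$userWritable = '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\'

# STEP III helper: running processes with image path and command line.
Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.ExecutablePath -match $userWritable } |
    Select-Object ProcessId, Name, ExecutablePath, CommandLine |
    Format-List

# STEP V helper: autorun values in the standard Run/RunOnce keys.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        # Read the raw value, then expand %VARS% so the path test sees the real location.
        $cmd      = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        $expanded = [Environment]::ExpandEnvironmentVariables($cmd)
        [pscustomobject]@{
            Review  = $expanded -match $userWritable   # True = look at this one first
            Key     = $key
            Name    = $name
            Command = $cmd
        }
    }
}

# Entries flagged for review are listed first.
$entries | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

A flagged entry is not proof of infection, since legitimate updaters also start from AppData; export the key from regedit before deleting any value so the change can be undone.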

Further help for Windows Registry repair

STEP VI: Recover Encrypted Files

    1) Use present backups
    2) Restore your personal files using File History

      – Hit WIN Key
      – Type “restore your files” in the search box
      – Select “Restore your files with File History”
      – Choose a folder or type the name of the file in the search bar


      – Hit the “Restore” button

    3) Using System Restore Point

      – Hit WIN Key
      – Select “Open System Restore” and follow the steps
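
Before restoring, it helps to know which folders were hit and roughly when. This added example (not part of the original guide) inventories files carrying the .VO_ extension described above; the scan root and report path are assumptions, and the time estimate assumes the malware did not alter file timestamps.

```powershell
# Added example, not from the original guide. Read-only inventory of *.VO_ files.
$roots  = @($env:USERPROFILE)                      # assumption: scan the user profile first
$report = Join-Path $env:TEMP 'vo_inventory.csv'   # hypothetical report location

$hits = @(foreach ($root in $roots) {
    # -Filter is fast but can also match longer extensions, so re-check exactly.
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -Filter '*.VO_' -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -ieq '.VO_' } |
        Select-Object FullName, DirectoryName, Length, LastWriteTime,
            @{ Name = 'OriginalName'; Expression = { $_.BaseName } }
})

if ($hits.Count -eq 0) {
    Write-Output 'No files with the .VO_ extension found under the scanned roots.'
} else {
    # Folders with the most encrypted files: restore these from backup first.
    $hits | Group-Object DirectoryName | Sort-Object Count -Descending |
        Select-Object Count, Name -First 20 | Format-Table -AutoSize

    # The earliest write time approximates when encryption began;
    # choose a backup or restore point older than this.
    $first = ($hits | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime
    Write-Output "Earliest encrypted file written: $first (total files: $($hits.Count))"

    # Keep the full list so restored files can be checked off against it.
    $hits | Export-Csv -LiteralPath $report -NoTypeInformation -Encoding UTF8
    Write-Output "Full list saved to $report"
}
```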


STEP VII: Preventive Security Measures

    1) Enable and properly configure your Firewall.
    2) Install and maintain reliable anti-malware software.
    3) Secure your web browser.
    4) Check regularly for available software updates and apply them.
    5) Disable macros in Office documents.
    6) Use strong passwords.
    7) Don’t open attachments or click on links unless you’re certain they’re safe.
    8) Back up your data regularly.


Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

