vxCrypter: Ransomware and Duplicate File Cleanup
Posted: April 11, 2019 to Cybersecurity.
vxCrypter Ransomware not only encrypts your computer, it also deletes duplicate files. According to Lawrence Abrams, creator and owner of BleepingComputer, the vxCrypter Ransomware could be “the first ransomware infection that not only encrypts a victim's data, but also tidy's up their computer by deleting duplicate files.” vxCrypter is based on an older ransomware called vxLock that never saw fruition. At first, Abrams believed the duplicate file deletions to be a bug in the encryption code. Collaboration with Michael Gillespie, a ransomware researcher at BleepingComputer, the file deletions were deliberate and targets a multitude of file extensions including: .txt .doc .docx .xls .xlsx .ppt .pptx .sqlite .odt .jpg .jpeg .bmp .gif .png .csv .sql .mdb .sln .php .asp .aspx .html .xml .psd .xsd .cpp .c .h .hpp .htm .py .reg .rb .pl .zip .rar .tgz .key .jsp .db .sqlite3 .sqlitedb .bat .bak .7z .avi .fla .flv .java .mpeg .pem .wmv .tar .tgz .tif .tif It leaves duplicates for other files such as .exe or .dll. Though the exact reason behind the deletion process is unknown, it may increase the efficacy and tempo of the virus encryption process.