Remove VAGGEN Ransomware (Virus Removal Guide)

VAGGEN ransomware uses cryptography to deny your access to files

Vaggen is the name of yet another type of ransomware – it infects the victim's computer and encrypts personal files, thus removing any access to them. The developers of this virus demand a ransom to revert these changes. You can easily tell whether you have been infected by it or not – the ransomware changes the names of affected files by appending the .VAGGEN extension. For instance, a file named A.docx would appear as A.docx.VAGGEN after the encryption. This malware also leaves a ransom note, AboutYourFiles.txt, in all affected folders and changes the desktop wallpaper.

Like most other viruses of this kind, VAGGEN ransomware uses encryption in order to provide financial benefit to its developers. In this case, as stated in the desktop wallpaper, the user is urged to pay $80 in Bitcoin. Instructions on how to do this are provided in the AboutYourFiles.txt file.

The file contains a straightforward message – if you want to regain access to your files, you need to pay the aforementioned amount of money to the 1LthWWSd82dKddmHwqhBv8XHiYyU BTC wallet address and then write an email to employer21@protonmail.com. This course of action will supposedly lead the user to receive a decryption tool – a piece of software that contains a unique key created to revert these changes.

Vaggen ransomware locks personal files for a ransom.

Unfortunately, there is no third-party software that could revert the changes made to your files. Most ransomware developers use high-end cryptographic algorithms that are basically impossible to crack manually. With this in mind, it is not advisable to follow the hackers’ instructions, since they are not trustworthy. It is important to realize that the people behind this are completely profit-driven, which means that if they see another opportunity to extort you – they will use it. For this reason, there is a high chance of not getting any VAGGEN decryption tool even after you pay the ransom.

Name: VAGGEN ransomware
Type: Ransomware; File-encrypting virus, File Locker
Family: Unknown
Versions: XATI, LINA, LOG, BLM, DATA, FLYU
File extension: .vaggen
Executable file: polisen.exe
Cryptowallet address: 1LthWWSd82dKddmHwqhBv8XHiYyU
Detection names: TrojanSpy.Win32.WACATAC.USMANJJ20 (Trendmicro), Trojan:Win32/Ymacco.AA03 (Microsoft), Malware@#c9wamt09o9x6 (Comodo); see full list on VT
Ransom note: AboutYourFiles.txt
Contact emails: employer21@protonmail.com
Damage: Encrypts personal files and prevents free access to them, demands paying a ransom for file decryption.
File decryption: No decryption tools available today
Removal: Eliminate the malware using trustworthy software. For virus damage repair, fix the system using RESTORO

Ransom note left by the virus.
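
The indicators listed above (the .VAGGEN extension, the AboutYourFiles.txt note and polisen.exe) are enough to scope the damage before restoring from a backup. The following read-only Python scan is an added example, not part of the original guide; its function names and the sample folder tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Indicators from this page, lowercased for case-insensitive matching.
ENCRYPTED_EXT = ".vaggen"
RANSOM_NOTE = "aboutyourfiles.txt"
EXECUTABLE_NAME = "polisen.exe"

def scan_tree(root):
    """Walk root (read-only) and report VAGGEN indicators found under it."""
    report = {"encrypted": defaultdict(list), "notes": [], "executables": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                # A.docx.VAGGEN -> A.docx: the name to look for in a backup.
                report["encrypted"][folder].append(name[: -len(ENCRYPTED_EXT)])
            elif lower == RANSOM_NOTE:
                report["notes"].append(os.path.join(folder, name))
            elif lower == EXECUTABLE_NAME:
                report["executables"].append(os.path.join(folder, name))
    return report

def summarize(report):
    """Return (encrypted file count, affected folders, folders lacking a note)."""
    note_dirs = {os.path.dirname(p) for p in report["notes"]}
    affected = sorted(report["encrypted"])
    total = sum(len(v) for v in report["encrypted"].values())
    # The page says a note is left in every affected folder; list exceptions.
    no_note = [d for d in affected if d not in note_dirs]
    return total, affected, no_note

def build_sample_tree(root):
    """Create a constructed sample tree of empty files for a dry run."""
    layout = {
        "Documents": ["A.docx.VAGGEN", "notes.txt", "AboutYourFiles.txt"],
        "Pictures": ["cat.jpg.vaggen", "dog.png.Vaggen"],
        "Temp": ["polisen.exe"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for name in names:
            open(os.path.join(root, sub, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(scan_tree(tmp)))
```

The scan only lists paths and never deletes or modifies anything, so it can be pointed at a user profile or a mounted drive before the removal steps are carried out.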

Ransomware proliferation methods

To put it simply – there is never a shortage of ways to distribute malware. You can get infected by downloading from untrustworthy sites and file-sharing platforms, by spam emails, trojans (chain infections), fake updaters, software bundling, and software activation (cracking) tools to mention a few.

For example, you should always keep in mind that downloading from file-sharing platforms like Torrent, eMule and MediaFire is risky – you can never know whether the contents of the download contain malware or not. Some of these sites offer a supposed scanning option before the download is made (to prevent installing any unwanted software), but usually it is just a gimmick.

The other commonly used way to distribute viruses is through malspam campaigns. Most people are aware of spam – email providers use their algorithms to detect spam and prevent it from doing any harm to the users. However, there is a small percentage of people who still fall for this, and the developers of crypto-viral threats like VAGGEN tend to exploit this.

To explain in short, this is a social-engineering scheme that has been used for ages – a large number of deceitful emails are sent to random internet users. These emails contain various content that usually urges the recipient to either open an attached file or follow the link provided. Once the user is tricked into it, a virus tries to intrude into the system, and if you do not have sufficient protection, it might succeed.

Avoiding potential damage

Let us be real – nobody deliberately wants to get infected by viruses (except cybersecurity specialists who tend to do that for professional purposes). The developers of malware tend to exploit the main trait of internet users – the shortage of attention and carefulness. For this reason, you should always download only from official, verified sites. Do not open any suspicious-looking links or files attached to received emails.

To avoid dealing with viruses like VAGGEN, you should also be cautious while casually surfing the internet – do not interact with intrusive ads. And most importantly – regularly create backups since it is the only way to keep personal data safe.

Removing VAGGEN ransomware

If you see any signs of being infected, you should take immediate action to remove VAGGEN ransomware from your PC. This is because it might do more extensive damage, especially if you plan on using a backup without dealing with the malware first. Even though removing the virus will not revert the changes made to your files, it is important that you follow this course of action to be able to use your system safely. We recommend you use robust and trustworthy antivirus software to deal with this situation.

After the complete VAGGEN virus removal, you will be able to restore files from a backup. Also, dealing with damage that has been done to your system continues after the removal process – RESTORO is professional software that is designed for it. To remove the virus, follow the steps below. 

OUR GEEKS RECOMMEND

Our team recommends a two-step rescue plan to remove ransomware and other remaining malware from your computer, plus repair caused virus damage to the system:

STEP 1. REMOVE AUTOMATICALLY WITH ROBUST ANTIVIRUS

Get INTEGO ANTIVIRUS for Windows to remove ransomware, Trojans, adware and other spyware and malware variants and protect your PC and network drives 24/7. This VB100-certified security software uses state-of-the-art technology to provide protection against ransomware, Zero-Day attacks and advanced threats. Intego Web Shield blocks dangerous websites, phishing attacks, malicious downloads and installation of potentially unwanted programs.

Use INTEGO Antivirus to remove detected threats from your computer.


STEP 2. REPAIR VIRUS DAMAGE TO YOUR COMPUTER

RESTORO provides a free scan that helps to identify hardware, security and stability issues and presents a comprehensive report which can help you to locate and fix detected issues manually. It is a great PC repair software to use after you remove malware with professional antivirus. The full version of software will fix detected issues and repair virus damage caused to your Windows OS files automatically.

RESTORO uses AVIRA scanning engine to detect existing spyware and malware. If any are found, the software will eliminate them.


GeeksAdvice.com editors select recommended products based on their effectiveness. We may earn a commission from affiliate links, at no additional cost to you. Learn more.

VAGGEN ransomware virus Removal Guidelines

Method 1. Enter Safe Mode with Networking

Step 1. Start Windows in Safe Mode with Networking

Before you try to remove the virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot the PC in this mode, but you can find additional ones in the in-depth tutorial on our website – How to Start Windows in Safe Mode.

Instructions for Windows XP/Vista/7 users

  1. First of all, turn off your PC. Then press the Power button to start it again and instantly start pressing the F8 key on your keyboard repeatedly in 1-second intervals. This launches the Advanced Boot Options menu.
  2. Use the arrow keys on the keyboard to navigate down to the Safe Mode with Networking option and press Enter.

Instructions for Windows 8/8.1/10 users

  1. Open Windows Start menu, then press down the Power button. On your keyboard, press down and hold the Shift key, and then select Restart option.
  2. This will take you to Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
  3. In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Networking. In this case, it is the F5 key.

Step 2. Remove files associated with the virus

Now, you can search for and remove VAGGEN ransomware virus files. It is very hard to identify files and registry keys that belong to the ransomware virus. Besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall this type of computer virus is to use a reliable malware removal program. In addition, we suggest trying a combination of INTEGO antivirus (removes malware and protects your PC in real-time) and RESTORO (repairs virus damage to Windows OS files).

REMOVE MALWARE & REPAIR VIRUS DAMAGE

1 Step. Get robust antivirus to remove existing threats and enable real-time protection

INTEGO Antivirus for Windows provides robust real-time protection, Web Shield against phishing and deceptive websites, blocks malicious downloads and blocks Zero-Day threats. Use it to remove ransomware and other viruses from your computer professionally.

2 Step. Repair Virus Damage on Windows Operating System Files

Download RESTORO to scan your system for FREE and detect security, hardware and stability issues. You can use the scan results and try to remove threats manually, or you can choose to get the full version of software to fix detected issues and repair virus damage to Windows OS system files automatically.

Method 2. Use System Restore

In order to use System Restore, you must have a system restore point, created either manually or automatically.

Step 1. Boot Windows in Safe Mode with Command Prompt

Instructions for Windows XP/Vista/7 users

  1. Shut down your PC. Start it again by pressing the Power button and instantly start pressing the F8 key on your keyboard repeatedly in 1-second intervals. You will see the Advanced Boot Options menu.
  2. Using the arrow keys on the keyboard, navigate down to the Safe Mode with Command Prompt option and press Enter.

Instructions for Windows 8/8.1/10 users

  1. Launch Windows Start menu, then click the Power button. On your keyboard, press down and hold the Shift key, and then choose Restart option with the mouse cursor.
  2. This will take you to Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
  3. In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Command Prompt. In this case, press F6 key.

Step 2. Start System Restore process

  1. Wait until the system loads and the command prompt shows up.
  2. Type cd restore and press Enter, then type rstrui.exe and press Enter. Or you can just type %systemroot%\system32\restore\rstrui.exe in the command prompt and hit Enter.
  3. This launches System Restore window. Click Next and then choose a System Restore point created in the past. Choose one that was created before ransomware infection.
  4. Click Yes to begin the system restoration process.

After restoring the system, we recommend scanning the system with antivirus or anti-malware software. In most cases, there won't be any malware remains, but it never hurts to double-check. In addition, we highly recommend checking ransomware prevention guidelines provided by our experts in order to protect your PC against similar viruses in the future.

Alternative software recommendations

Malwarebytes Anti-Malware

Removing spyware and malware is one step towards cybersecurity. To protect yourself against ever-evolving threats, we strongly recommend purchasing a Premium version of Malwarebytes Anti-Malware, which provides security based on artificial intelligence and machine learning. Includes ransomware protection. See pricing options and protect yourself now.

System Mechanic Ultimate Defense

System Mechanic Ultimate Defense is an all-in-one system maintenance suite that has 7 core components providing powerful real-time protection, on-demand malware removal, system optimization, data recovery, password manager, online privacy protection and secure driver wiping technology. Due to its wide range of capabilities, System Mechanic Ultimate Defense deserves Geek's Advice approval. Get it now for 50% off. You may also be interested in its full review.
