A new variant of the Vengisto@firemail.cc ransomware has been discovered by computer security experts. It appends the .verasto file extension to encrypted files. This ransomware targets computers running Microsoft Windows and arrives through spam emails, other malware, or manual installation. This article gives a brief summary of information related to this ransomware and explains how to recover (decrypt) .verasto files for free.
The .Verasto ransomware is malicious software created to encrypt photos, documents and music. It hijacks a whole personal computer or its data and demands a ransom to unlock (decrypt) them. The makers of the .Verasto ransomware have a strong financial motive to infect as many computers as possible. Files with the following extensions are encrypted:
.wps, .mddata, .zw, .wgz, .dng, .wpw, .bc7, .pem, .orf, .bay, .wsc, .zip, .xlsx, .zdb, .vdf, .wpd, .iwi, .pkpass, .qic, .dxg, .wav, .odb, .tor, .pfx, .p7b, .crt, .crw, .erf, .xml, .xbdoc, .sie, .vpk, .wmd, .dbf, .cfr, .wp7, .asset, .kdb, .xlsm, .litemod, .hkdb, .rar, .t12, .m2, .odt, .wsd, .wpt, .rim, .menu, .ztmp, .pptx, .hkx, .wps, .wma, .wma, .layout, .dcr, .avi, .xwp, .csv, .kf, .wsh, .lvl, .wmv, .bsa, .accdb, .1st, .xmmap, .ff, .ysp, .wire, .sidn, .lrf, .snx, .upk, .3dm, .0, .vcf, .css, .x3f, .docm, .wcf, .xmind, .bkf, .wdb, .vpp_pc, .cer, .wp5, .mdf, .xlsb, .wmv, .blob, .nrw, .ybk, .wbm, .xlsm, .srf, .xy3, .sb, .qdf, .wbk, .map, .das, .xyp, .m4a, .mef, .js, .mcmeta, .rb, .wpl, .wmf, .zdc, .wbc, .xls, .bar, .pdd, .cdr, .xdl, .p12, .wpa, .jpg, .desc, .odp, .7z, .dwg, .sql, .wp4, .slm, .pptm, .png, .db0, .rw2, .fos, .rgss3a, .w3x, .sum, wallet, .ibank, .r3d, .jpeg, .t13, .ws, .wb2, .ntl, .webp, .itl, .doc, .m3u, .gdb, .mdb, .x3f, .sid, .y, .rofl, .itm, .sis, .rtf, .kdc, .x, .wot, .re4, .wpb, .arch00, .wri, .xlsx, .lbf, .xf, .xlk, .rwl, .forge, .sidd, .psk, .docx, .mrwref, .raf, .wm, .ptx, .zif, .wbd, .psd, .yal, .wbmp, .zip, .zi, .dba, .bkp, .wpe, .x3d, .big, .pst, .fpk, .ods, .zabw, .flv, .1, .pdf, .xlgc, .webdoc, .py, .3ds, .jpe, .xxx, .xll, .wbz, .indd, .mdbackup, .xbplate, .xar, .raw, .mlx, .itdb, .xx, .icxs, .wpg, .vtf, .vfs0, .hvpl, .wpd, .wotreplay, .epk, .svg, .esm, .sr2, .eps, .wdp, .d3dbsp, .cr2, .yml, .wmo, .ltx, .3fr, .apk, .cas, .xdb, .xyw, .der, .gho, .srw, .pef, .wp6, .fsh, .mov, .txt, .xpm, .iwd, .wp, .arw
Upon successful encryption, it appends the .verasto extension to the name of each encrypted file. The ransomware also creates a text file named “_readme.txt” in each folder. This file is the ransom note, which asks for money in the form of bitcoins. The content of the ransom note is below:
ATTENTION! Don't worry my friend, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-oEUEuysYiZ Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: vengisto@firemail.cc Reserve e-mail address to contact us: vengisto@india.com Support Telegram account: @datarestore Your personal ID:
Threat Summary
Name | .Verasto ransomware |
Type | Ransomware, Filecoder, Crypto virus, File locker |
Contact Email | vengisto@firemail.cc, vengisto@india.com, Telegram account: @datarestore |
Ransom note | _readme.txt |
Symptoms |
|
Removal | To remove .Verasto ransomware use the removal guide |
Decryption | To decrypt .Verasto ransomware use the steps |
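The inventory below is an added example, not part of the original guide or of any tool it mentions. It uses the two on-disk indicators listed above, the .verasto suffix and the _readme.txt note, to show which folders were hit before recovery starts; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENC_SUFFIX = ".verasto"    # extension this page says is appended
NOTE_NAME = "_readme.txt"  # ransom note file name given on this page


def inventory(root):
    """Walk root read-only; per folder, record original names, note, intact files."""
    report = defaultdict(lambda: {"encrypted": [], "note": False, "intact": 0})
    unreadable = []  # OSError objects for folders os.walk could not list
    for folder, _dirs, files in os.walk(root, onerror=unreadable.append):
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            entry = report[folder]
            if lower == NOTE_NAME:
                entry["note"] = True
            elif lower.endswith(ENC_SUFFIX) and len(lower) > len(ENC_SUFFIX):
                entry["encrypted"].append(name[: -len(ENC_SUFFIX)])
            else:
                entry["intact"] += 1
    return dict(report), unreadable


def summarise(report):
    """Return (folders with encrypted files, total encrypted, note-only folders)."""
    hit = sorted(f for f, e in report.items() if e["encrypted"])
    total = sum(len(e["encrypted"]) for e in report.values())
    note_only = sorted(f for f, e in report.items() if e["note"] and not e["encrypted"])
    return hit, total, note_only


def build_sample_tree(base):
    """Constructed sample: empty files that only mimic the naming pattern."""
    layout = {
        "Documents": ["report.docx.verasto", "budget.xlsx.VERASTO", "_readme.txt"],
        "Pictures": ["holiday.jpg", "_readme.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            open(os.path.join(base, folder, name), "w").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(summarise(inventory(build_sample_tree(tmp))[0]))
```

Point `inventory()` at a drive root or user profile; it only reads directory listings and changes nothing on disk.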
The instructions shown below will allow you to remove the .Verasto ransomware as well as recover (decrypt) encrypted files stored on your computer drives.
Quick links
- How to remove .Verasto ransomware
- How to decrypt .verasto files
- Use STOPDecrypter to decrypt .verasto files
- How to restore .verasto files
- How to protect your system from .Verasto ransomware?
- Finish words
How to remove .Verasto ransomware
Using a malicious software removal utility to detect and get rid of a ransomware virus hiding on your system is probably the easiest way to remove the .Verasto ransomware virus. We suggest the Zemana AntiMalware (ZAM) application for Microsoft Windows computers. MalwareBytes Anti-Malware (MBAM) and Kaspersky virus removal tool are other antimalware utilities for Microsoft Windows that offer free malware removal.
Remove .Verasto ransomware with Zemana Anti-malware
Thinking about removing the .Verasto ransomware from your computer? Then pay attention to Zemana Anti-Malware (ZAM). This is a well-known utility, originally created just to scan for and get rid of malware, adware software and PUPs. But by now it has seriously changed and can not only rid you of malware, but also protect your PC from ransomware, malware and adware, as well as identify and remove common viruses and trojans.
- Click the link below to download Zemana. Save it on your Desktop.
- At the download page, click on the Download button. Your web-browser will display the “Save as” prompt. Please save it onto your Windows desktop.
- When downloading is done, please close all programs and open windows on your system. Next, start a file named Zemana.AntiMalware.Setup.
- This will run the “Setup wizard” of Zemana Anti Malware on your machine. Follow the prompts and don’t make any changes to default settings.
- When the Setup wizard has finished installing, Zemana will run and open the main window.
- Next, click the “Scan” button to start scanning your PC for the .Verasto ransomware virus and other malicious software. Depending on your computer, the scan can take anywhere from a few minutes to close to an hour. While the utility is checking, you can see how many objects and files have already been scanned.
- When that process is done, a list of all threats found is prepared.
- When you’re ready, click the “Next” button. The utility will remove .Verasto ransomware and other malicious software and move threats to the program’s quarantine. Once finished, you may be prompted to restart the computer.
- Close the Zemana Anti Malware (ZAM) and continue with the next step.
Run MalwareBytes Free to remove Verasto ransomware virus
We recommend using MalwareBytes. You can download and install MalwareBytes Free to scan for and remove the Verasto ransomware from your machine. When installed and updated, this free malicious software remover automatically scans for and removes all threats that exist on the PC.
Please go to the link below to download MalwareBytes Free. Save it to your Desktop so that you can access the file easily.
After the download is complete, run it and follow the prompts. Once installed, MalwareBytes Free will try to update itself. When this procedure is finished, press the “Scan Now” button to perform a system scan for the Verasto ransomware related files, folders and registry keys. A system scan may take anywhere from 5 to 30 minutes, depending on your personal computer. When malicious software, adware or potentially unwanted programs are detected, the number of security threats will change accordingly. Wait until the scan is complete. Once you’ve selected what you want to remove from your system, click the “Quarantine Selected” button.
The MalwareBytes AntiMalware is a free application that you can use to delete all detected folders, files, services, registry entries and so on. To learn more about this malware removal utility, we advise you to read and follow the tutorial or the video guide below.
Scan and clean your machine of ransomware virus with KVRT
KVRT is a free removal utility that can be downloaded and used to get rid of ransomware, adware software, malware, trojans, worms and other threats on your personal computer. You may run this utility to locate threats even if you have an antivirus or any other security program.
Download Kaspersky virus removal tool (KVRT) from the following link.
Once the downloading process is finished, double-click on the Kaspersky virus removal tool icon. Once initialization procedure is finished, you’ll see the Kaspersky virus removal tool screen as shown on the image below.
Click Change Parameters and set a check near all your drives. Press OK to close the Parameters window. Next click Start scan button to begin scanning your PC for the .Verasto ransomware and other malware. A system scan can take anywhere from 5 to 30 minutes, depending on your machine. When a threat is detected, the number of the security threats will change accordingly.
Once KVRT has completed scanning your machine, a list of all threats found is prepared as shown on the image below.
Review the report and then press on Continue to start a cleaning process.
How to decrypt .verasto files
The .Verasto ransomware encourages victims to contact its developers in order to decrypt all documents, photos and music. These persons will require you to pay a ransom (usually a demand for $490-$980 in Bitcoins).
Never pay the ransom! You might feel that you have no other choice but to pay up and decrypt .verasto files quickly. There is no guarantee that the developers of the .Verasto ransomware virus will live up to their word and give back your documents, photos and music.
With some variants of Verasto ransomware, it is possible to decrypt or restore encrypted files using free tools such as STOPDecrypter, ShadowExplorer and PhotoRec.
Use STOPDecrypter to decrypt .verasto files
Michael Gillespie (@) released a free decryption tool named STOPDecrypter (download from download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip).
STOPDecrypter has been updated to include decryption support for the following .djvu* variants (.djvu, .djvuu, .udjvu, .djvuq, .djvur, .djvut, .pdff, .tro, .tfude, .tfudeq, .tfudet, .rumba, .adobe, .adobee, .blower, .promos). STOPDecrypter will work for any extension of the Djvu* variants including new extensions (.verasto).
Please check the twitter post for more info.
How to restore .verasto files
In some cases, you can recover files encrypted by the .Verasto ransomware virus. Try both methods. It is important to understand that we cannot guarantee that you will be able to restore all encrypted photos, documents and music.
Use shadow copies to recover .verasto files
To restore personal files encrypted by the .Verasto ransomware virus from Shadow Volume Copies, you can run a tool named ShadowExplorer. We recommend this method because its easy-to-use interface makes it easier to find and recover the previous versions of the encrypted files you need.
ShadowExplorer can be downloaded from the following link. Save it on your Windows desktop or in any other place.
After the download is finished, open the directory in which you saved it. Right-click ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next, open the ShadowExplorerPortable folder as displayed on the image below.
Start the ShadowExplorer utility and then choose the disk (1) and the date (2) that you wish to restore the shadow copy of file(s) encrypted by the .Verasto ransomware virus as on the image below.
Now navigate to the file or folder that you want to recover. When ready right-click on it and click ‘Export’ button as shown in the figure below.
Restore .verasto files with PhotoRec
Before a file is encrypted, the .Verasto ransomware makes a copy of this file, encrypts it, and then deletes the original file. Because the deleted original may remain on the disk until its space is overwritten, this can allow you to restore your photos, documents and music using file recovery applications like PhotoRec.
Download PhotoRec from the following link.
When the download is complete, open the directory in which you saved it. Right-click testdisk-7.0.win and select Extract all. Follow the prompts. Next, open the testdisk-7.0 folder like below.
Double click on qphotorec_win to run PhotoRec for Windows. It’ll display a screen as displayed below.
Select a drive to recover as on the image below.
You will see a list of available partitions. Choose a partition that holds encrypted documents, photos and music as displayed in the figure below.
Click the File Formats button and choose the file types to restore. You can enable or disable the restore of certain file types. When this is finished, press the OK button.
Next, press Browse button to select where recovered documents, photos and music should be written, then press Search.
The count of recovered files is updated in real time. All recovered personal files are written to the folder that you selected in the previous step. You can access the files even if the recovery process is not finished.
When the recovery is complete, click the Quit button. Next, open the directory where restored photos, documents and music are stored. You will see its contents as shown in the figure below.
All restored documents, photos and music are written in recup_dir.1, recup_dir.2 … sub-directories. If you’re looking for a specific file, you can sort your recovered files by extension and/or date/time.
How to protect your system from .Verasto ransomware?
Most antivirus apps already have built-in protection against ransomware. Therefore, if your computer does not have an antivirus application, make sure you install one. As extra protection, use HitmanPro.Alert.
Use HitmanPro.Alert to protect your PC system from .Verasto ransomware virus
HitmanPro.Alert is a small security utility. It can check the system integrity and alert you when critical system functions are affected by malware. HitmanPro.Alert can detect, remove, and reverse ransomware effects.
HitmanPro.Alert can be downloaded from the following link. Save it directly to your Windows Desktop.
After the download is done, open the folder in which you saved it. You will see an icon like below.
Double-click the HitmanPro.Alert desktop icon. When the tool is started, you will see a window where you can select a level of protection, as shown below.
Now press the Install button to activate the protection.
Finish words
Once you’ve finished the steps above, your system should be clean of the .Verasto ransomware virus and other malware. Your PC will no longer encrypt your personal files. Unfortunately, if the tutorial does not help you, then you have caught a new variant of ransomware, and the best option is to ask for help here.
STOP (Djvu)
ransomnote_email: gorentos@bitmessage.ch
sample_extension: .vesrato
sample_bytes: [0x5E3DB – 0x5E3F5] 0x7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D
Your personal ID:150uyGgdLdfNfLJBrr4bLMWsBouR3n4lOq43QRDhrHZRXvU9cLRr
MAC address: E0:D5:5E:1F:3A:24
please help me
If STOPDecrypter does not help you to decrypt .vesrato files, then try ShadowExplorer or PhotoRec.
ShadowExplorer or PhotoRec. recover 50% file but all file renamed and one folder