Files hacked and encrypted with vscrypt extensions

Tobimkcb · ‎07-12-2009

I opened my folders today to find that some files (almost all .doc files) had been encrypted. They all now end with .vscrypt and are unreadable by ordinary means. I tried looking this up on the Norton/Symantec site and came up with info on a trojan called Ransomcrypt (low risk). I ran LiveUpdate and a full system scan but the only threat that came up was a tracking cookie, which was quarantined and deleted. The encryption has only happened on a smattering of files and I'm not convinced it is Ransoncrypt anyway as apparently this lodges in the desktop and changes it to a ransom note in Russian, which hasn't happened (yet). However, I've tried searching for several variants on 'vscrypt' on the Norton/Symantec file, but with no search results. I don't know if a) I've deleted the trojan or b) how to decrypt the files. Please can anyone help?

delphinium · ‎11-21-2008

Hi Tobimkcb:

There was a post on this subject a while back. I will attempt to locate it. Please do not try to remove the trojan if it is still there. I will get back to you on this.

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain

dbrisendine · ‎10-06-2008

If you check the History in NIS/NAV (you have not said which Norton product you have), then under Resolved Security Risks you should see if Norton removed the Trojan.

When these type malware first appeared, they started with 256 bit encryption keys. Most AV labs figured out how to generate the keys so the user did not have to pay. Nowadays, this type uses 1024 bit encryption keys or better. It will take about 80 years to figure out the encryption key at that level. Every two bits added to the key encryption adds a level of difficultly in breaking the code.

The best remedy is to remove the Trojan and then restore the files from a backup.