Viiperware is distributed by hacking through an insecure RDP configuration, using email spam and malicious attachments, fraudulent downloads, exploits, web injects, fake updates, repackaged and infected installers.
Viiperware uses a strong encryption method that makes the affected files inaccessible. Some of the files types that may be encrypted in attacks like Viiperware include:
.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, ,doc, .epub, .docx .fb2, .flv, .gif, .gz, .iso .ibooks,.jpeg, .jpg, .key, .mdb .md2, .mdf, .mht, .mobi .mhtm, .mkv, .mov, .mp3, .mp4, .mpg .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
Viiperware appends the .viiper extension to files. Viiperware displays a program window named 'ViiperWare – Ransomware,' which displays the Viiperware's ransom note after the victim's files become encrypted. Viiperware allows the victim to select the language in which the ransom note will be displayed. Unfortunately, once Viiperware encrypts a file, it only can be decrypted with the decryption application that the con artists hold in their possession. The people responsible for Viiperware demand a ransom payment of 20 Euro in exchange for the decryption key, although there is no guarantee that the con artists will deliver the decryption key after the ransom is paid. The full text of Viiperware ransom note reads:
1.) What Happened to my files? a. Your Files has been encrypted, what means you're not able to use them anymore until you decrypt them. 2.) Can I recover my FIles? b. yes of course you can recover them. It's pretty easy to do that but of course it is not free. Just Pay the Price wich is shown below and you will recive your Decryption Key after we received the Payment! 3.) How I got infected with this? c. Probably you tried to download something illegal from the Internet or you got scammed by someone. [Enter Decryption|BUTTON] [Pay the Price|BUTTON] Price: 20,00 €