VCrypt Ransomware encrypt user data using 7Zip, a legitimate file encryption program, and then delete the original folder. Apparently it is target toward French speaking victims. When the malicious program unpack itself and execute it extract command line version of 7zip, 7za.exe and a script that instruct 7zip executable to find folders and 7zip them with a hard coded password and then delete the original folder. This then repeated for every drive. .vxcrypt
extension is added to the archived file. The hard coded password is "Oezfdse6f5esf413s5fd4e6fSQ45R424EDDEZS
A user can get its file back by simply providing this password on extraction. Once the execution is ends it open Internet Explorer and display a ransom note with all the information to the victim.
VCrypt Ransomware Signatures
VCrypt Ransomware Download