Versiegelt ransomware - How to remove

Versiegelt is a German word which means “sealed”. November started with the creators of the infamous Jigsaw virus releasing a German version of their crypto-ransomware. The Versiegelt infection seems especially fit for detail-oriented Germans: the virus is specific and does not lose its main focus by including unnecessary elements. It uses a clear-cut strategy and hopes to infect people who will feel desperate enough to pay the demanded fee for decryption. If your background picture suddenly changes and shows the ransom message reproduced below, there is no doubt that the Versiegelt virus has found a way into your device. Nevertheless, before the virus can lock your screen with a German message, it has to achieve a couple of objectives. Since the ransom note is written in German, it is presumable that Versiegelt targets people who are in German-speaking locations or have set their preferred language to German. It is possible that its payload is programmed to delete itself if it ends up on a computer with other preferences. However, this notion is not confirmed.

About Versiegelt Ransomware

After making its way to your device, the Versiegelt virus won’t hit the snooze button but will take forceful action instead. First, like any other ransomware, it has to ensure that its payload is run automatically after the computer is turned on. For this reason, the ransomware modifies the Windows Registry keys that launch programs automatically. After the Versiegelt virus has finished the necessary preparations, its payload runs in the background like a secret ninja, preparing for the process of encryption. Since this is a new ransomware variant, it is unknown which encryption algorithm is used to ruin users’ data. It is plausible that the selected cipher is either RSA or AES. Before encrypting files, the Versiegelt virus has to find them first. That is why it silently runs scans to find data with suitable extensions. We are sure that an impressive number of file types can be targeted by ransomware viruses, and Versiegelt won’t be an exception: the scope of files it affects is wide. All of your important documents (e.g. .doc, .pdf, .ppt, .dotx, etc.) might be made completely unusable. Other data can also be ruined if you permit a ransomware virus to remain in your system for long enough. It is very likely that the Versiegelt virus won’t be sloppy and will remove all possibilities of restoring files via Shadow Volume Copies: ransomware infections eliminate this option by deleting these copies. The texts provided below are the English version of the ransom note and the original one in German.


Your data is encrypted. The only way to get back your files is to pay a ransom of 100 €. If you send money to the Bitcoin address below, we will check it and decrypt your data to 100%. After that we are gone and we won’t come back.

No service centers will be able to help you! If you cooperate with us, we keep our promise. Finally, we delete the virus and your computer will work again as before.

Ihre Daten sind verschlüsselt Der einzige Weg Sie wieder zu bekommen ist eine Zahlung von 100€ Sie zahlen an der unten genannten Bitcoin Adresse, wir prüfen die Zahlung und Entschlüsselt die Daten zu 100% danach sind wir Weg und kommen nicht mehr.
Es wird Ihnen keine Service Center Helfen können! Wenn Sie mit uns Kooperrieren halten wir unser Versprechen Zum Schluss löschen wir den Virus und Ihr Rechner funktioniert wieder wie vorher.
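
The autostart persistence described above can be checked by hand. The following PowerShell is an added example, not part of the original article or of any vendor tool: it lists the values in the standard Windows Run and RunOnce keys and flags commands that launch from user-writable folders. The folder patterns are an assumption about where such payloads tend to sit, not a confirmed Versiegelt location, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: audit the standard autostart (Run/RunOnce) registry keys.
# The "user-writable folder" patterns below are an assumption, not a
# Versiegelt-specific indicator.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$writablePattern = '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\'

function Get-AutorunEntry {
    foreach ($key in $runKeys) {
        # Not every key exists on every system (e.g. WOW6432Node on 32-bit)
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            # Read the stored value unexpanded, then expand %VARIABLES%
            # so the real target path is what gets matched
            $raw = $item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            $cmd = [Environment]::ExpandEnvironmentVariables([string]$raw)
            [pscustomobject]@{
                Key        = $key
                Name       = $name
                Command    = $cmd
                Suspicious = ($cmd -match $writablePattern)
            }
        }
    }
}

# Flagged entries first; review each one before deleting anything
Get-AutorunEntry | Sort-Object Suspicious -Descending |
    Format-Table -AutoSize -Wrap
```

Legitimate software also starts from AppData, so treat a flagged entry as something to verify, not as proof of infection.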

How to Decrypt Files Encrypted by Versiegelt Ransomware?

This version of Jigsaw has been detected only recently, so security researchers have not yet been able to produce an appropriate program or tool for decryption. However, we can already say that paying the ransom would be a terrible idea that won’t provide you with beneficial consequences. Most likely, your money will be wasted and the creators of Versiegelt ransomware won’t send you a working key for decryption. Wasting 100 euros (about 110 US dollars) is not something we recommend. Even if the amount of 0.1503 BTC sounds very tiny, you should not waste a single dime on crooks. If you are reading our articles simply to keep yourself up to date with the latest viruses, we are going to give you some tips on remaining safe from ransomware. One of the most recommended options is to keep copies of your data in backup storage so that they remain in a secure location.

How is Versiegelt Ransomware Distributed?

The payload of the Versiegelt virus can arrive as an attachment in email messages sent to random people’s inboxes. If you happen to receive a bizarre message in German, it may be an attempt to lure you into an infection. Our advice would be to regularly clean spam out of your inbox and only open messages that are sent from reputable addresses. Since this is a German ransomware, it might be that people speaking this language are selected to receive such messages. They can pose as alerts from airlines, schools or other authorities. Of course, such messages do not really originate from reputable sources but from cyber criminals.

If your device has been badly damaged by viruses, we advise you to clean it with reputable anti-malware tools. Spyhunter or Malwarebytes are not going to disappoint you. Manual removal is advisable only for users who are experienced in malware removal. In other words, wrongly carried out manual removal can do more harm than good. More tips about how to restore your files can be found below.

How to recover Versiegelt ransomware encrypted files and remove the virus

Step 1. Restore system into last known good state using system restore

1. Reboot your computer to Safe Mode with Command Prompt:


for Windows 7 / Vista / XP
  • Click Start → Shutdown → Restart → OK.
  • Press the F8 key repeatedly until the Advanced Boot Options window appears.
  • Choose Safe Mode with Command Prompt.

for Windows 8 / 10
  • Press Power at the Windows login screen. Then press and hold the Shift key and click Restart.
  • Choose Troubleshoot → Advanced Options → Startup Settings and click Restart.
  • When it loads, select Enable Safe Mode with Command Prompt from the list of Startup Settings.

2. Restore system files and settings.

  • When Command Prompt mode loads, enter cd restore and press Enter.
  • Then enter rstrui.exe and press Enter again.
  • Click “Next” in the window that appears.
  • Select one of the available Restore Points dated before Versiegelt ransomware infiltrated your system and then click “Next”.
  • To start System Restore, click “Yes”.
 

Step 2. Complete removal of Versiegelt ransomware

After restoring your system, it is recommended to scan your computer with an anti-malware program, like Spyhunter, and remove all malicious files related to Versiegelt ransomware. You can check other tools here.

Step 3. Restore Versiegelt ransomware affected files using Shadow Volume Copies

If you do not use the System Restore option on your operating system, there is a chance to use shadow copy snapshots. They store copies of your files as they were at the point in time when the system restore snapshot was created. Usually Versiegelt ransomware tries to delete all possible Shadow Volume Copies, so this method may not work on all computers. However, it may fail to do so. Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8. There are two ways to retrieve your files via Shadow Volume Copy. You can do it using native Windows Previous Versions or via Shadow Explorer.

a) Native Windows Previous Versions
Right-click on an encrypted file and select Properties → Previous versions tab. Now you will see all available copies of that particular file and the time when each was stored in a Shadow Volume Copy. Choose the version of the file you want to retrieve and click Copy if you want to save it to a directory of your own, or Restore if you want to replace the existing, encrypted file. If you want to see the content of the file first, just click Open.

b) Shadow Explorer
It is a program that can be found online for free. You can download either a full or a portable version of Shadow Explorer. Open the program. In the top left corner, select the drive where the file you are looking for is stored. You will see all folders on that drive. To retrieve a whole folder, right-click on it and select “Export”. Then choose where you want it to be stored.
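
To see whether either method has anything to work with, the following added example (not from the original article) lists the shadow copies that still exist and marks those created before the infection. The function name and the sample date are assumptions; it needs an elevated prompt and PowerShell 3.0 or later.

```powershell
# Added example: check which shadow copies survived and which predate the
# infection. Get-PreInfectionSnapshot is a hypothetical helper name.
function Get-PreInfectionSnapshot {
    param([Parameter(Mandatory)][datetime]$InfectedOn)

    # Map volume GUID paths (\\?\Volume{...}\) to drive letters
    $letters = @{}
    Get-CimInstance -ClassName Win32_Volume | ForEach-Object {
        $letters[$_.DeviceID] = $_.DriveLetter
    }

    $snapshots = @(Get-CimInstance -ClassName Win32_ShadowCopy)
    if ($snapshots.Count -eq 0) {
        Write-Warning 'No shadow copies found; they may have been deleted.'
        return
    }

    $snapshots | Sort-Object InstallDate | ForEach-Object {
        [pscustomobject]@{
            Drive        = $letters[$_.VolumeName]
            Created      = $_.InstallDate
            # Only snapshots taken before the infection hold clean files
            PreInfection = ($_.InstallDate -lt $InfectedOn)
            DeviceObject = $_.DeviceObject
        }
    }
}

# Constructed sample value: assume the infection happened three days ago
Get-PreInfectionSnapshot -InfectedOn (Get-Date).AddDays(-3) |
    Format-Table -AutoSize
```

If the warning appears or no row has PreInfection set to True, Previous Versions and Shadow Explorer will have no clean copy to offer.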

Step 4. Use Data Recovery programs to recover Versiegelt ransomware encrypted files

There are several data recovery programs that might recover encrypted files as well. This does not work in all cases but you can try this:
  • We suggest using another PC and connecting the infected hard drive as a slave drive. It is still possible to do this on the infected PC, though.
  • Download a data recovery program.
  • Install it and scan for recently deleted files.
Note: In many cases it is impossible to restore data files affected by modern ransomware. Thus we recommend using decent cloud backup software as a precaution. We recommend checking out Carbonite, BackBlaze, CrashPlan or Mozy Home.