- System crashes
- Connects to the internet without permission
- Installs itself without permissions
- Can't be uninstalled via Control Panel
VapeLauncher was created recently, but it is not an entirely new threat since it belongs to the so-called CryptoWire family. It means the malicious program may have some differences, but it is still rather identical to other ransomware applications from the mentioned family. If you would like to know more details about how it might work on the system or you have not decide yet what to do with this infection, we encourage you to spend a few more minutes while reading the rest of this article. Slightly below the text, you will find manual deletion instructions that can help you eliminate VapeLauncher ransomware too. The malware’s creators could advise you not to remove the malicious program, but given they cannot give you any guarantees the files it encrypts will be unlocked, we do not think it would be wise to put up with their demands.
The malware might infect the system when the user unknowingly launches a malicious file received with suspicious email or while downloading data from unreliable web pages. At first, VapeLauncher should place a copy of itself in the %PROGRAMFILES(x86)%\Common Files directory. Plus, the threat could create a randomly named task in the %WINDIR%\System32\Tasks directory. The ransomware needs it to be set up so it could launch the malicious file it placed in the Common Files folder each time you or any other user logs on to the infected computer.
As soon as VapeLauncher settles in the system, it should erase all shadow copies and immediately start encrypting all files found in the %USERPROFILE% folder or its subfolders. The malicious program can lock various documents, photos, pictures, and so on. Same as other ransomware applications from the CryptoWire family, the threat should encipher your files with an encryption algorithm called AES-256. All files that were locked during this process might be listed in a file called log.txt; it is supposed to appear in the same Common Files folder. Moreover, the list showing enciphered data should also be visible on the malware’s window. It is launched only after the infection is done with the encryption process.
Besides the mentioned list VapeLauncher’s window should provide a couple of buttons, a box to enter a decryption key, and a ransom note. Clicking the Buy bitcoins button redirects you to howtobuybitcoins.info/#! The website could contain instructions or other information on how to purchase Bitcoins and make the payment. If you enter a wrong key into the provided box and click the Decrypt files button, the ransomware’s window might close itself automatically. Of course, it should appear again once you restart the computer, so the only way to get rid of it for once is to remove the malware.
The ransomware’s creators claim they can unlock all encrypted files if you pay them $200. The problem is there are no guarantees they still have the decryption key you need or that they will be willing to provide it for you. What we have learned while researching such threats is that people creating and distributing such malware cannot be trusted since there are cases when users pay the ransom as requested and still do not get the promised decryption key. Therefore, if your data is not worth the asked sum or you simply have no intention of risking your money, we advise you to pay no attention to the ransom note and eliminate the malicious program as soon as possible.
VapeLauncher could be deleted manually, just keep it in mind that since we cannot list the exact titles of its created data, it might be a rather difficult task. If you still choose the manual removal, we recommend following the instructions placed below this text as they might make this task easier. Those who do not want to deal with the ransomware on their own should employ a trustworthy antimalware tool of their choice. Once the full system scan is performed, the tool should list malicious data belonging to the infection or other suspicious applications on the computer. To erase it all at once you should click the deletion button. Afterward, you could keep the tool on the computer to make it less vulnerable. Just, keep it in mind it needs to be updated from time to time so it could fight the latest threats.