First discovered in January 2018, Velso Ransomware appears to infect victims through manual installation and execution by threat actors via remote desktop protocol (RDP). This variant appends .velso to the names of encrypted files and drops a ransom note named get_my_files.txt in every folder where files have been encrypted. A copy of the ransom note is also placed in the Windows Startup folder, prompting the note to automatically display when a user logs into the infected system. Email addresses associated with this ransomware include MerlinVelso@protonmail.com.
- Bleeping Computer provides additional information on Velso Ransomware here.
- The NJCCIC is not currently aware of any free decryption tools available for Velso Ransomware.
Image Source: Bleeping Computer