- Home
- Detectable Ransomware
- Vanguard
Ransomware Research
Vanguard Ransomware
Vanguard is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on February 1, 2017, this ransomware has been actively targeting systems worldwide.
Quick Facts
- Ransomware Family
- Vanguard
- First Seen
- February 1, 2017
How Vanguard Ransomware Works
Targeted Files
https://tria.ge/230503-yqjqnaab71/behavioral1 Requires C&C
Ransom Note and Payment Demands
After encrypting files, Vanguard displays ransom notes demanding payment for file recovery:
DECRYPT_INSTRUCTIONS.txt
Ransom message:
notes/DECRYPT_INSTRUCTIONS.txt
Technical Indicators
Associated Executable Files
The following executable files are associated with Vanguard ransomware:
MSOFFICE
app02.exe
1.exe
RANSOMWARE
msword.exe
ransom.exe-
ransomware_golang (2)
vanguard.exe
ransom.exe
ransom2.exe-
ransom2.exe
ransomware_golang
vanguard ransomware
ransom3.exe-
ransom3.exe
vanguard ransomware.exe
ransomware_golang (3)
Elastio Can Help You
Don't let Vanguard ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This Vanguard ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Vanguard.
Last updated: July 30, 2025