A new piece of malware, Virobot, has been discovered that has both ransomware and botnet capabilities in a single package. It propagates itself via Microsoft Outlook spam e-mails. Virobot infected emails are sent to the victim’s entire contact list on Outlook, which contains a copy of the malware or a link to a payload file which will be downloaded on the target machine when the spam message is opened.
Once the malware hits a machine, it scans the registry of the machine to identify the Product ID and GUID. It then generates an encryption and decryption key using a cryptographic Random Number Generator. All these gathered data are then sent to the Command and Control server and later it starts encrypting the hard drive. Once encryption is completed, the malware displays a ransom note and a ransom screen.
Apparently, the malware’s server has been taken down and it can no longer carry out encryption unless it establishes connection with its C&C.
This malware also includes a keylogging feature, wherein it records everything that the target types on its machine and then shares it with its C&C server.
Although the malware’s C&C server is offline, we may never know when these malicious actors would switch their operations to another command and control server.
https://www.securityweek.com/new-virobot-ransomware-and-botnet-emerges
Leave a Reply
You must be logged in to post a comment.