A new step in the evolution of ransomware has been documented by security researchers who have discovered a sample of malware that encrypts files in the storage drive and creates unique strands of itself because of its polymorphic features.
The new threat has been named VirRansom and VirLock by its researchers Sophos and ESET, respectively. This particular crypto-malware unlike others of its kind allows files to be decrypted, but this will not stop it from being locked screento him computer of the victim. In this way he forces the victim to pay.
Just the Ransomware τρέξει στον υπολογιστή του θύματος ενσωματώνεται σε ένα φορητό εκτελέσιμο Portable Executable (PE) και πρόσθετει την επέκταση exe.
It is noteworthy that malware scrambles the files it affects, but also decrypts it when it is executed.
Once the user runs the infected file, the virus automatically starts spreading in the system. ESET researchers report that in two cases landed on “%userprofile%” and “%AllUsersProfile%”.
According to the researchers' analysis, VirLock can infect documents (DOC, XLS, PDF, PPT), images (PNG, GIF, BMP, PSD, JPG), audio files (MP3), MPG compressed files (RAR, ZIP).
It appears that there are currently at least six variants of the malware circulating on the Internet.
If the VirLock malware /Ransom it does not encrypt the victim's files like other crypto-malware do it locks the computer screen to achieve its goal.
When the computer is in a locked state, malware shuts down explorer.exe, prevents opening of Task Manager, and other procedures that could help to bypass it, according to ESET.
The message about the ransom threatens classically with legal consequences, for some alleged copyright violations, and asks for 216 in bitcoins.
ESET has developed one self-cleaning cleaner for this particular threat, while Sophos also provides one free tool designed for the same reason.