Newly discovered ransomware variant Virobot is spreading
A newly discovered ransomware strain applies the concept of multi-threading to encrypt files and also logs and steals victims' keystrokes. The new ransomware has been named Virobot and has no ties to any previous ransomware family trees, according to the cybersecurity firm Trend Micro, which found the threat last week.
Security experts from Trend Micro discovered a new malware, tracked as Virobot.
Researchers discovered the new Virobot ransomware, which is distributed along with botnet features and mainly focuses on victims based in the United States. The attackers use a spam email botnet to deliver the ransomware to a larger number of victims, and the ransomware does not belong to any previous ransomware family.
The experts highlighted a curiosity about the ransom note and ransom screen displayed by the malware: even though it is currently targeting users in the US, the ransom note is written in French.
Virobot Ransomware Data Encryption Process
The encryption process relies on the RSA encryption scheme. Virobot targets files with the following extensions: TXT, DOC, DOCX, XLS, XLSX, PPT, PPTX, ODT, JPG, PNG, CSV, SQL, MDB, SLN, PHP, ASP, ASPX, HTML, XML, PSD, PDF, and SWP.
For now, according to Trend Micro, the threat has been temporarily mitigated because at the time of writing the Virobot C&C server was down, meaning Virobot's ransomware module would not start the encryption process if it infected new victims.
Since this is a new malware strain, the downtime is most likely due to the tests that most malware distributors carry out, and the ransomware's C&C servers are expected to eventually come back for broader distribution campaigns in the future.
Virobot is also not the first malware strain that combines different components. The line between ransomware, banking trojans, keyloggers, and other malware categories has been getting murkier in past years.