In addition to encrypting user files, the newly discovered ransomware is a multitasking threat that logs and steals keystrokes and adds infected computers to a spam botnet.
The new ransomware, called Virobot, is a new strain that has nothing to do with any previous ransomware family tree, according to Trend Micro, the computer security company whose malware analysts found this threat this week.
But although Virobot's ransomware component seems to be unrelated to other ransomware strains, its mode of operation is not new and follows the same pattern as previous threats.
The current infection vector seems to be spam e-mail (also called malspam). When a user downloads and runs the malicious software attached to an e-mail, the ransomware generates a random encryption and decryption key, which is also sent to a remote command-and-control (C&C) server.
The encryption process is based on the RSA encryption scheme, and Virobot targets files of the following types: TXT, DOC, DOCX, XLS, XLSX, PPT, PPTX, ODT, JPG, PNG, CSV, SQL, MDB, SLN, PHP, ASP, ASPX, HTML, XML, PSD, PDF, and SWP.
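A defensive illustration of the file-type list above, added here and not taken from Trend Micro or the original article: the sketch flags any process that rewrites many distinct files with the listed extensions inside a short time window, which is the footprint bulk encryption leaves in file-audit telemetry. The event format `(timestamp, pid, path)`, the sample events, the 10-second window and the threshold of 5 are all assumptions made for the example.

```python
from collections import defaultdict, deque

# File types the article lists as Virobot targets.
TARGET_EXTS = {
    "txt", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "odt", "jpg", "png", "csv",
    "sql", "mdb", "sln", "php", "asp", "aspx", "html", "xml", "psd", "pdf", "swp",
}

def ext_of(path):
    """Lower-cased extension of a Windows or POSIX path ('' if none)."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def flag_bulk_writers(events, window=10.0, threshold=5):
    """Return {pid: peak count of distinct targeted files written within
    `window` seconds} for every pid whose peak reaches `threshold`."""
    recent = defaultdict(deque)          # pid -> (timestamp, path) still in window
    flagged = {}
    for ts, pid, path in sorted(events):
        if ext_of(path) not in TARGET_EXTS:
            continue                     # not a file type from the list
        q = recent[pid]
        q.append((ts, path.lower()))
        while ts - q[0][0] > window:     # drop writes older than the window
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct >= threshold:
            flagged[pid] = max(flagged.get(pid, 0), distinct)
    return flagged

# Constructed sample telemetry (not real data): (timestamp_seconds, pid, path)
SAMPLE_EVENTS = [
    (100.0, 4120, r"C:\Users\a\Documents\report.docx"),
    (100.4, 4120, r"C:\Users\a\Documents\budget.xlsx"),
    (100.9, 4120, r"C:\Users\a\Pictures\scan.JPG"),
    (101.3, 4120, r"C:\Users\a\Documents\notes.txt"),
    (101.8, 4120, r"C:\Users\a\site\index.php"),
    (102.2, 4120, r"C:\Users\a\Documents\invoice.pdf"),
]
# An editor autosaving one document: many writes, one distinct file.
SAMPLE_EVENTS += [(100.0 + i, 812, r"C:\Users\a\Documents\draft.docx") for i in range(8)]
# A slow backup job: targeted file types, but spread far beyond the window.
SAMPLE_EVENTS += [(100.0 + 30 * i, 990, f"D:\\backup\\file{i}.pdf") for i in range(5)]
# A noisy logger: fast writes, but none of the listed file types.
SAMPLE_EVENTS += [(100.0 + 0.1 * i, 300, f"C:\\Temp\\app{i}.log") for i in range(10)]

if __name__ == "__main__":
    print(flag_bulk_writers(SAMPLE_EVENTS))
```

Counting distinct files rather than raw writes keeps autosaving editors out of the results; the window and threshold need tuning against real baseline activity.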
When this is done, Virobot displays a ransom note on the user's screen. The note is written in French, which Trend Micro researchers found strange, as the ransomware campaign was clearly targeting US users.
Interestingly, Virobot is not the only ransomware with a French connection to have appeared in the last few weeks. At the end of August, security researcher MalwareHunter noticed that a ransomware strain named PyLocky, created to mimic the famous Locky ransomware, was very aggressively targeting France.
However, in addition to the ransomware component, Trend Micro says it also found two other components: a keylogger and a botnet module.
The keylogger was very simple: it recorded all local keystrokes and sent the raw data to the C&C server.
The botnet module, on the other hand, was more powerful. This module also allowed the Virobot operator to download and run other malware from the ransomware's C&C server …