silversurfer

Level 46
Content Creator
Trusted
Malware Hunter
Verified
The Virobot ransomware has been spotted making rounds in the United States on September 17, and it propagates itself via Microsoft Outlook spam e-mails.

At the moment, Virobot's command-and-control (C&C) server has been shut down, and the malware will not be able to successfully encrypt infected systems until the threat actors who designed it will switch to a new one.

As reported by Trend Micro's Macky Cruz, the Virobot ransomware also comes with botnet capabilities meant to spread it between computers via a spam e-mail attack vector that uses Microsoft Outlook as transportation.

Virobot-infected e-mails are sent to the victim's entire Outlook contact list containing a copy of the malware or a link to a payload file which will be downloaded on the target machine when the spam message is opened.

After the ransomware infects a computer, it will do a quick registry check-up to find the machine's ProductID and GUID and, after generating a pair of encryption and decryption keys, it will send all the gathered info to its C&C server and start encryption the hard drive.
 
Last edited: