Level 46
Content Creator
Malware Hunter
The Virobot ransomware has been spotted making rounds in the United States on September 17, and it propagates itself via Microsoft Outlook spam e-mails.

At the moment, Virobot's command-and-control (C&C) server has been shut down, and the malware will not be able to successfully encrypt infected systems until the threat actors who designed it will switch to a new one.

As reported by Trend Micro's Macky Cruz, the Virobot ransomware also comes with botnet capabilities meant to spread it between computers via a spam e-mail attack vector that uses Microsoft Outlook as transportation.

Virobot-infected e-mails are sent to the victim's entire Outlook contact list containing a copy of the malware or a link to a payload file which will be downloaded on the target machine when the spam message is opened.

After the ransomware infects a computer, it will do a quick registry check-up to find the machine's ProductID and GUID and, after generating a pair of encryption and decryption keys, it will send all the gathered info to its C&C server and start encryption the hard drive.
Last edited: