silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,148
The Virobot ransomware has been spotted making rounds in the United States on September 17, and it propagates itself via Microsoft Outlook spam e-mails.
At the moment, Virobot's command-and-control (C&C) server has been shut down, and the malware will not be able to successfully encrypt infected systems until the threat actors who designed it will switch to a new one.
As reported by Trend Micro's Macky Cruz, the Virobot ransomware also comes with botnet capabilities meant to spread it between computers via a spam e-mail attack vector that uses Microsoft Outlook as transportation.
Virobot-infected e-mails are sent to the victim's entire Outlook contact list containing a copy of the malware or a link to a payload file which will be downloaded on the target machine when the spam message is opened.
After the ransomware infects a computer, it will do a quick registry check-up to find the machine's ProductID and GUID and, after generating a pair of encryption and decryption keys, it will send all the gathered info to its C&C server and start encryption the hard drive.
At the moment, Virobot's command-and-control (C&C) server has been shut down, and the malware will not be able to successfully encrypt infected systems until the threat actors who designed it will switch to a new one.
As reported by Trend Micro's Macky Cruz, the Virobot ransomware also comes with botnet capabilities meant to spread it between computers via a spam e-mail attack vector that uses Microsoft Outlook as transportation.
Virobot-infected e-mails are sent to the victim's entire Outlook contact list containing a copy of the malware or a link to a payload file which will be downloaded on the target machine when the spam message is opened.
After the ransomware infects a computer, it will do a quick registry check-up to find the machine's ProductID and GUID and, after generating a pair of encryption and decryption keys, it will send all the gathered info to its C&C server and start encryption the hard drive.
Last edited:
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
