Here comes RegretLocker, a new ransomware that targets Microsoft Windows virtual machines (VMs). The malware doesn't contain a long-winded ransom note and uses email for communication. It encrypts files and appends the .mouse extension to their names.
RegretLocker is a new ransomware that targets Windows virtual machines, using several advanced features that allow it to encrypt virtual hard drives and to close files that are held open during encryption. It was discovered by the security researcher MalwareHunterTeam. It doesn't contain a long-winded ransom note and uses email for communication rather than a Tor payment site. Moreover, according to BleepingComputer, when encrypting files it appends the .mouse extension to file names.

Researcher Vitali Kremez, who analyzed the malware, explained that it uses the Windows Virtual Storage API functions OpenVirtualDisk, AttachVirtualDisk and GetVirtualDiskPhysicalPath to mount virtual disk files. Once a virtual drive is mounted as a physical disk in Windows, the ransomware can encrypt the files inside it individually, which increases the speed of encryption compared with treating the whole disk image as one file. In addition, it uses the Windows Restart Manager API to terminate processes or Windows services that keep a file open during encryption.
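The two API families named above map onto two Windows libraries, virtdisk.dll (Virtual Storage API) and rstrtmgr.dll (Restart Manager), and the .mouse extension is a file-system artifact. The following is an added detection example, not code from the article or from the researchers it cites: it correlates Sysmon-style events (Event ID 7 = Image loaded, Event ID 11 = FileCreate) per process and flags a process that loads both libraries or writes files ending in .mouse. The flattened key=value log format, the sample paths and the unsigned-image heuristic are constructed assumptions; real Sysmon output is XML/EVTX and would need a proper parser.

```python
"""Correlate constructed Sysmon-style events to surface processes that combine
the Virtual Storage API (virtdisk.dll), the Restart Manager (rstrtmgr.dll) and
files renamed with the .mouse extension. Added example; all data is constructed."""
import re
from collections import defaultdict

# Constructed sample events in a simplified "key=value" form (assumption: real
# Sysmon telemetry is XML/EVTX). EventID 7 = Image loaded, EventID 11 = FileCreate.
SAMPLE_EVENTS = [
    'EventID=7 ProcessId=4120 Image=C:\\Windows\\explorer.exe ImageLoaded=C:\\Windows\\System32\\virtdisk.dll Signed=true',
    'EventID=7 ProcessId=5012 Image=C:\\Windows\\System32\\msiexec.exe ImageLoaded=C:\\Windows\\System32\\rstrtmgr.dll Signed=true',
    'EventID=7 ProcessId=7788 Image=C:\\Users\\Public\\update.exe ImageLoaded=C:\\Windows\\System32\\virtdisk.dll Signed=false',
    'EventID=7 ProcessId=7788 Image=C:\\Users\\Public\\update.exe ImageLoaded=C:\\Windows\\System32\\rstrtmgr.dll Signed=false',
    'EventID=11 ProcessId=7788 Image=C:\\Users\\Public\\update.exe TargetFilename=D:\\VMs\\server01.vhdx.mouse',
    'EventID=11 ProcessId=7788 Image=C:\\Users\\Public\\update.exe TargetFilename=C:\\Users\\bob\\report.docx.mouse',
    'EventID=11 ProcessId=4120 Image=C:\\Windows\\explorer.exe TargetFilename=C:\\Users\\bob\\notes.txt',
]

KV_RE = re.compile(r'(\w+)=(\S+)')
WATCHED_DLLS = {'virtdisk.dll', 'rstrtmgr.dll'}   # libraries behind the two API families
RANSOM_EXT = '.mouse'                               # extension reported for RegretLocker


def parse_event(line):
    """Turn one flattened key=value line into a dict (values contain no spaces here)."""
    return dict(KV_RE.findall(line))


def correlate(lines):
    """Group events by ProcessId and record which watched DLLs each process loaded,
    whether its image was signed, and which .mouse files it created."""
    procs = defaultdict(lambda: {'image': None, 'dlls': set(), 'signed': None, 'mouse_files': []})
    for line in lines:
        ev = parse_event(line)
        rec = procs[int(ev['ProcessId'])]
        rec['image'] = ev.get('Image', rec['image'])
        if ev.get('EventID') == '7':
            # Keep only the DLL file name; compare case-insensitively.
            dll = ev['ImageLoaded'].rsplit('\\', 1)[-1].lower()
            if dll in WATCHED_DLLS:
                rec['dlls'].add(dll)
            if 'Signed' in ev:
                rec['signed'] = ev['Signed'].lower() == 'true'
        elif ev.get('EventID') == '11':
            if ev['TargetFilename'].lower().endswith(RANSOM_EXT):
                rec['mouse_files'].append(ev['TargetFilename'])
    return procs


def assess(rec):
    """Severity for one process record.
    high   : wrote files with the reported .mouse extension
    medium : unsigned image loaded both virtdisk.dll and rstrtmgr.dll
    low    : signed image loaded both (admin tooling can legitimately do this)
    none   : nothing of interest"""
    loads_both = WATCHED_DLLS <= rec['dlls']
    if rec['mouse_files']:
        return 'high'
    if loads_both and rec['signed'] is False:
        return 'medium'
    if loads_both:
        return 'low'
    return 'none'


def alerts(lines):
    """Return {ProcessId: severity} for every process that scored above 'none'."""
    return {pid: assess(rec) for pid, rec in correlate(lines).items() if assess(rec) != 'none'}


if __name__ == '__main__':
    for pid, sev in alerts(SAMPLE_EVENTS).items():
        print(f'pid {pid}: {sev} ({correlate(SAMPLE_EVENTS)[pid]["image"]})')
```

In the constructed sample only the unsigned process from C:\Users\Public trips the rule; explorer.exe mounting a VHD and msiexec.exe using the Restart Manager each touch one library and stay below the threshold. In a real deployment the per-process join should also key on ProcessGuid rather than the reusable ProcessId, and the allow-list of signed images that legitimately use both APIs would be tuned to the environment.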