Cybercrime, Virlock: An old but still dangerous ransomware

Cylance: Virlock, the polymorphic ransomware, is still actively developed and updated by cybercriminals. It drops three instances of itself, each of which performs a different task.

Virlock, the polymorphic ransomware, is actively developed and updated by cybercriminals. That is the warning issued by Cylance's cyber security experts. The malware demonstrates new capabilities that allow it to spread through shared applications and cloud storage. When executed, it drops three instances of itself. One carries out the file infection, while the second locks the machine and asks for a ransom; during this process it also terminates explorer.exe and Task Manager, checks the geolocation of the device by searching the registry, and displays a message tailored to the victim's location. The third instance creates a persistence mechanism by registering itself as a service. Attackers demand payment in Bitcoin from victims who want their systems unlocked. Moreover, the polymorphic nature of the malicious code means every instance has a different file signature, a tactic that effectively bypasses signature-based antivirus (AV) solutions.
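The paragraph above makes two detection-relevant points: hash signatures miss the three polymorphic copies because each has a different hash, while the behaviour (a single process dropping several copies of itself, one copy killing explorer.exe and Task Manager, another registering a service) is the same in every infection. The script below, an added example that is not code from the article or from Cylance, contrasts the two approaches over constructed endpoint telemetry. The event schema, field names, file paths, hash strings and service name are all assumptions and placeholders, not real Virlock indicators.

```python
"""
Behavioural vs. hash-based detection of Virlock-style activity.

Added example, not code from the original article or from Cylance. The event
schema (field names, event types) is an assumption loosely modelled on endpoint
telemetry; the events, paths and hash values below are constructed placeholders,
not real Virlock indicators.
"""
import ntpath
from collections import defaultdict

# Constructed telemetry: one dropper (pid 100) spawns three copies of itself,
# each with a different hash (polymorphic copies). One copy terminates
# explorer.exe and taskmgr.exe, another installs a service for persistence.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 100, "ppid": 1,
     "image": r"C:\Users\u\Downloads\invoice.exe", "sha256": "aaaa...01"},
    {"type": "process_create", "pid": 101, "ppid": 100,
     "image": r"C:\Users\u\AppData\Roaming\a1b2.exe", "sha256": "bbbb...02"},
    {"type": "process_create", "pid": 102, "ppid": 100,
     "image": r"C:\Users\u\AppData\Roaming\c3d4.exe", "sha256": "cccc...03"},
    {"type": "process_create", "pid": 103, "ppid": 100,
     "image": r"C:\Users\u\AppData\Roaming\e5f6.exe", "sha256": "dddd...04"},
    {"type": "process_terminate", "pid": 102,
     "target_image": r"C:\Windows\explorer.exe"},
    {"type": "process_terminate", "pid": 102,
     "target_image": r"C:\Windows\System32\taskmgr.exe"},
    {"type": "service_install", "pid": 103,
     "service_name": "PLACEHOLDER_SERVICE_NAME",
     "binary": r"C:\Users\u\AppData\Roaming\e5f6.exe"},
]

# Constructed benign telemetry: a browser spawning three identical renderer
# processes. Same fan-out shape, but identical hashes and no hostile behaviour.
BENIGN_EVENTS = [
    {"type": "process_create", "pid": 200, "ppid": 1,
     "image": r"C:\Program Files\Browser\browser.exe", "sha256": "eeee...05"},
    {"type": "process_create", "pid": 201, "ppid": 200,
     "image": r"C:\Program Files\Browser\browser.exe", "sha256": "eeee...05"},
    {"type": "process_create", "pid": 202, "ppid": 200,
     "image": r"C:\Program Files\Browser\browser.exe", "sha256": "eeee...05"},
    {"type": "process_create", "pid": 203, "ppid": 200,
     "image": r"C:\Program Files\Browser\browser.exe", "sha256": "eeee...05"},
]

# Stand-in for a signature database: the hash of one previously analysed
# sample (constructed value). None of the freshly dropped copies match it.
KNOWN_BAD_HASHES = {"0000...ff"}

# Processes the lock-screen instance is described as terminating.
UI_PROCESSES = {"explorer.exe", "taskmgr.exe"}


def signature_hits(events, blocklist=KNOWN_BAD_HASHES):
    """Hash-based detection: pids whose image hash is on the blocklist."""
    return sorted(e["pid"] for e in events
                  if e["type"] == "process_create" and e["sha256"] in blocklist)


def behavioural_hits(events, min_copies=3):
    """Return {dropper_pid: sorted indicator names} for every process that
    spawned at least `min_copies` children with pairwise-distinct hashes and
    whose descendants also killed a UI process or installed a service."""
    children = defaultdict(list)          # ppid -> [process_create events]
    for e in events:
        if e["type"] == "process_create":
            children[e["ppid"]].append(e)

    def descendants(pid):
        seen, stack = set(), [pid]
        while stack:
            for child in children.get(stack.pop(), []):
                if child["pid"] not in seen:
                    seen.add(child["pid"])
                    stack.append(child["pid"])
        return seen

    results = {}
    for dropper, kids in children.items():
        if len({k["sha256"] for k in kids}) < min_copies:
            continue  # no polymorphic self-copy fan-out under this parent
        indicators = {"polymorphic_self_copies"}
        tree = descendants(dropper)
        for e in events:
            if e.get("pid") not in tree:
                continue
            if (e["type"] == "process_terminate"
                    and ntpath.basename(e["target_image"]).lower() in UI_PROCESSES):
                indicators.add("kills_ui_processes")
            elif e["type"] == "service_install":
                indicators.add("service_persistence")
        if len(indicators) >= 2:  # fan-out alone is not enough to alert
            results[dropper] = sorted(indicators)
    return results


if __name__ == "__main__":
    print("signature hits:", signature_hits(SAMPLE_EVENTS))      # []
    print("behavioural hits:", behavioural_hits(SAMPLE_EVENTS))
    print("benign:", behavioural_hits(BENIGN_EVENTS))            # {}
```

The hash lookup returns nothing for the infected host because each dropped copy carries a hash the blocklist has never seen, which is exactly the weakness the article attributes to signature-based AV. The behavioural rule keys on the process tree instead: a parent that fans out into several differently-hashed copies is treated as suspicious only when those copies also show one of the described follow-on actions, so an ordinary multi-process application with identical binaries is not flagged.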

The cyber security experts: The malware was first detected in 2014 but made resurgent appearances in 2016 and 2017. With each reappearance the ransomware demonstrated new capabilities, indicating that it is actively developed and updated.

According to the cyber security experts, Virlock was first detected in 2014 but made resurgent appearances in 2016 and 2017. With each reappearance the ransomware demonstrated new capabilities, indicating that it is actively developed and updated by cybercriminals. In addition to deploying an impressive triple-instance attack strategy, the malware also shows a location-specific ransom screen threatening users with fake legal action should they refuse to comply. The messages are written correctly and use the logos of various police forces, which lends credibility to the alleged legitimacy of the ransom demand. Together these elements make it very dangerous, especially for organizations, the primary target of the cyber criminals behind the code.