Ransomware is a prominent trend in the world of malware and cybercrime. There have been many ransomware attacks in the recent past, and many leading organizations across the world have had to deal with the consequences. The latest ransomware news is that security researchers are concerned about a new distribution campaign for the VirLocker ransomware. What makes VirLocker a serious problem is that it copies itself into the files it infects, so it spreads quickly when those files reach other people or are copied onto a removable drive.
Why VirLocker Ransomware is a Real Menace…
Ransomware victims can usually avoid paying the ransom by restoring their data from a backup, provided the backup was made before the attack and infection. When VirLocker strikes, this option is lost as well, because this rather sophisticated ransomware infects backups too. As soon as VirLocker infects a system, it copies itself into every single file it comes across, so the backup gets infected as well. Removable storage devices (external hard disks, USB sticks and even DVDs) that are connected to the system at that time or later can also be infected. Backups are commonly stored on such devices, so they are likely to be connected to the system and infected in turn. Restoring from backup is therefore thwarted, since no such media can be connected to the system securely after infection. The only remaining option is to clean up the computer entirely, and that is not easy either, since any downloaded tools get infected too.
Another cause for concern is that VirLocker is hard to detect. It can easily bypass most antivirus and anti-malware programs.
The developers of the VirLocker ransomware can keep track of every infected system, and they can also check whether the victim has made a ransom payment in the past. Infected users are very soon greeted with a ransom message.
The most notable aspect of a VirLocker infection is that users who have never dealt with this malware before won't notice any problem. The malware keeps running in the background while the user remains content that their antivirus or anti-malware program is keeping them secure. Meanwhile, VirLocker infects all files and spreads, even through files sent to other people via social media.
There is one trick that can help users bypass the ransom payment screen. They can enter any random 64-character string in the Transfer ID text box, and VirLocker will assume a payment has been received. The infected user can then decrypt files, one at a time. This is not an easy process, but it is definitely better than paying the Bitcoin ransom. The OS can be freshly installed after all files are decrypted.