21 September 18, 15:52
Quote:The Virobot ransomware has been spotted making rounds in the United States on September 17, and it propagates itself via Microsoft Outlook spam e-mails.
At the moment, Virobot's command-and-control (C&C) server has been shut down, and the malware will not be able to successfully encrypt infected systems until the threat actors who designed it will switch to a new one.
As reported by Trend Micro's Macky Cruz, the Virobot ransomware also comes with botnet capabilities meant to spread it between computers via a spam e-mail attack vector that uses Microsoft Outlook as transportation.
Virobot-infected e-mails are sent to the victim's entire Outlook contact list containing a copy of the malware or a link to a payload file which will be downloaded on the target machine when the spam message is opened.
After the ransomware infects a computer, it will do a quick registry check-up to find the machine's ProductID and GUID and, after generating a pair of encryption and decryption keys, it will send all the gathered info to its C&C server and start encryption the hard drive.
Source: https://news.softpedia.com/news/us-under...2839.shtml
![[-]](https://www.geeks.fyi/images/collapse.png)
