A new ransomware called Vovalex is being distributed through pirated software that impersonates popular Windows utilities, such as CCleaner.
When it comes down to it, all ransomware infections boil down to the same function: encrypt a device's files and then drop a ransom note demanding payment in some form.
While Vovalex is no different, what stands out to Advanced Intel's Vitali Kremez and MalwareHunterTeam, who found the ransomware, is that it may be the first ransomware written in D.
Most likely First Documented Ransomware Written in ‘D’
Dlang Section Headers with "dmd" Compiler
— Vitali Kremez (@VK_Intel) January 29, 2021
According to the D website, Dlang is inspired by C++ but shares elements from other languages.
"D is the culmination of decades of experience implementing compilers for many diverse languages, and attempting to construct large projects using those languages. D draws inspiration from those other languages (most especially C++) and tempers it with experience and real world practicality," states the D website.
As malware developers do not commonly use Dlang, Kremez believes that the attackers are using it to bypass detection by security software.
Vovalex is distributed as pirated software
The shared sample analyzed by BleepingComputer is distributed as a warez copy of the CCleaner Windows utility, as indicated by the bundled NFO file.
When executed, the ransomware will launch a legitimate CCleaner installer and copy itself to a random file name in the %Temp% folder.
The ransomware will then begin to encrypt files on the drive and append the .vovalex extension to the encrypted files' names.
When executed, the ransomware will create a ransom note named README.VOVALEX.txt on the desktop that asks for 0.5 XMR (Monero) to retrieve a decryptor. This amount is equal to approximately $69.54 at current prices.
At this time, it is unknown if researchers can decrypt the ransomware for free.
Thankfully, Vovalex is not widely distributed at this time. If the threat actors partner with fake crack sites and adware bundles, similar to how STOP ransomware is distributed, then we may have a bigger problem on our hands.