A new ransomware called Vovalex is being distributed through fake pirated software that impersonates popular Windows utilities, such as CCleaner.
When it comes down to it, all ransomware infections boil down to the same function: encrypt a device's files and then drop a ransom note demanding payment in some form.
While Vovalex is no different, what stands out to Advanced Intel's Vitali Kremez and MalwareHunterTeam, who found the ransomware, is that it may be the first ransomware written in D.
Most likely First Documented Ransomware Written in ‘D’
Dlang Section Headers with “dmd” Compiler
— Vitali Kremez (@VK_Intel) January 29, 2021
According to the D website, Dlang is inspired by C++ but shares elements from other languages.
“D is the culmination of decades of experience implementing compilers for many diverse languages, and attempting to construct large projects using those languages. D draws inspiration from those other languages (most especially C++) and tempers it with experience and real world practicality,” states the D website.
As malware developers do not commonly use Dlang, Kremez believes that the attackers are using it to bypass detections by security software.
Vovalex is distributed as pirated software
The shared sample analyzed by BleepingComputer is distributed as a warez copy of the CCleaner Windows utility, as can be seen in the bundled NFO file.
When executed, the ransomware will launch a legitimate CCleaner installer and copy itself to a random file name in the %Temp% folder.
The ransomware will then begin to encrypt files on the drive and append the .vovalex extension to encrypted files' names.
When done, the ransomware will create a ransom note named README.VOVALEX.txt on the desktop that asks for 0.5 XMR (Monero) to retrieve a decryptor. This amount is equal to approximately $69.54 at current prices.
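The behaviour described above (a copy dropped into %Temp%, files renamed with the .vovalex extension, and a README.VOVALEX.txt note on the desktop) can be turned into a simple detection over file-event telemetry. The following is an added example, not code from the article or the researchers; the event format, the sample log lines, the .exe suffix of the dropped copy and the three-file threshold are assumptions made for illustration.

```python
import ntpath
from collections import defaultdict

EXT = ".vovalex"              # extension named in the article
NOTE = "readme.vovalex.txt"   # ransom note name from the article, lower-cased

# Constructed events (not real telemetry); assumed format:
# time|process image|action|target path
SAMPLE_EVENTS = r"""
10:00:01|C:\Users\bob\Downloads\CCleaner.exe|create|C:\Users\bob\AppData\Local\Temp\kqzvbnma.exe
10:00:02|C:\Users\bob\Downloads\CCleaner.exe|create|C:\Users\bob\AppData\Local\Temp\ccsetup.exe
10:00:09|C:\Users\bob\AppData\Local\Temp\kqzvbnma.exe|rename|C:\Users\bob\Documents\tax.xlsx.vovalex
10:00:09|C:\Users\bob\AppData\Local\Temp\kqzvbnma.exe|rename|C:\Users\bob\Pictures\cat.JPG.VOVALEX
10:00:10|C:\Users\bob\AppData\Local\Temp\kqzvbnma.exe|rename|C:\Users\bob\Documents\cv.docx.vovalex
10:00:12|C:\Users\bob\AppData\Local\Temp\kqzvbnma.exe|create|C:\Users\bob\Desktop\README.VOVALEX.txt
10:00:15|C:\Windows\explorer.exe|create|C:\Users\bob\Desktop\vovalex-article.txt
"""

def is_temp_exe(path):
    """True for an executable located under the user's Temp folder."""
    p = path.lower()
    return "\\appdata\\local\\temp\\" in p and p.endswith(".exe")

def analyze(log_text, min_files=3):
    """Return {process: evidence} for processes showing the described behaviour."""
    stats = defaultdict(lambda: {"encrypted": 0, "note": False, "dropped_by": None})
    for line in log_text.strip().splitlines():
        _time, proc, action, target = line.split("|", 3)
        proc_key, name = proc.lower(), ntpath.basename(target).lower()
        if action == "create" and is_temp_exe(target):
            stats[target.lower()]["dropped_by"] = proc  # who wrote the exe into Temp
        if name == NOTE and "\\desktop\\" in target.lower():
            stats[proc_key]["note"] = True              # ransom note on the desktop
        elif name.endswith(EXT):
            stats[proc_key]["encrypted"] += 1           # file given the .vovalex suffix
    alerts = {}
    for proc, s in stats.items():
        # Alert on the note alone, or on a burst of renamed files without it.
        if s["note"] or s["encrypted"] >= min_files:
            alerts[proc] = dict(s, runs_from_temp=is_temp_exe(proc))
    return alerts

if __name__ == "__main__":
    for proc, evidence in analyze(SAMPLE_EVENTS).items():
        print(proc, evidence)
```
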
At this time, it is unknown whether researchers can decrypt the ransomware for free.
Thankfully, Vovalex is not widely distributed at this time. If the threat actors partner with fake crack sites and adware bundles, similar to how STOP ransomware is distributed, then we might have a much bigger problem on our hands.