November 30, 2023

A new ransomware called Vovalex is being distributed through pirated software that impersonates popular Windows utilities, such as CCleaner.

According to the D website, Dlang is inspired by C++ but shares components from other languages.

“D is the culmination of decades of experience implementing compilers for many diverse languages, and attempting to construct large projects using those languages. D draws inspiration from those other languages and tempers it with experience and real world practicality,” states the D website.

The shared sample analyzed by BleepingComputer is distributed as a warez copy of the CCleaner Windows utility, as can be seen by the bundled NFO file below.

NFO file for a pirated copy of CCleaner

When executed, the ransomware will launch a legitimate CCleaner installer and copy itself under a random file name to the %Temp% folder.

CCleaner installer

The ransomware will then begin to encrypt files on the drive and append the .vovalex extension to the encrypted files' names.

Vovalex encrypted files

When done, the ransomware will create a ransom note named README.VOVALEX.txt on the desktop that asks for 0.5 XMR (Monero) to retrieve a decryptor. This amount is equal to approximately $69.54 at current prices.

At this time, it is unknown if researchers can decrypt the ransomware for free. The ransomware is not widely spread as of now.
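A triage sketch for the indicators described above (the .vovalex extension, the README.VOVALEX.txt note and a copy running from %Temp%), added here as an example and not taken from the original article. The pipe-delimited event format, the `triage` function, the `min_files` threshold and every sample path are assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators taken from the article text.
ENCRYPTED_EXT = ".vovalex"
RANSOM_NOTE = "readme.vovalex.txt"  # compared case-insensitively
# Default per-user location that %Temp% resolves to (assumption).
TEMP_MARKER = "\\appdata\\local\\temp\\"

# Constructed sample, hypothetical format: timestamp|writing process|file created
SAMPLE_EVENTS = r"""
2023-11-30T10:00:01|C:\Users\bob\Downloads\ccsetup.exe|C:\Users\bob\AppData\Local\Temp\kq3x9.exe
2023-11-30T10:00:05|C:\Users\bob\AppData\Local\Temp\kq3x9.exe|C:\Users\bob\Documents\plan.docx.vovalex
2023-11-30T10:00:05|C:\Users\bob\AppData\Local\Temp\kq3x9.exe|C:\Users\bob\Documents\tax.xlsx.vovalex
2023-11-30T10:00:06|C:\Users\bob\AppData\Local\Temp\kq3x9.exe|C:\Users\bob\Pictures\cat.jpg.vovalex
2023-11-30T10:00:09|C:\Users\bob\AppData\Local\Temp\kq3x9.exe|C:\Users\bob\Desktop\README.VOVALEX.txt
2023-11-30T10:00:10|C:\Windows\explorer.exe|C:\Users\bob\Desktop\notes.txt
"""


def triage(log_text, min_files=3):
    """Group file-creation events by writing process and flag Vovalex indicators."""
    per_proc = defaultdict(lambda: {"encrypted": [], "note": None, "first_seen": None})
    for line in log_text.strip().splitlines():
        parts = line.split("|")
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole run
        ts, image, target = (p.strip() for p in parts)
        name = PureWindowsPath(target).name.lower()
        if name != RANSOM_NOTE and not name.endswith(ENCRYPTED_EXT):
            continue  # not one of the article's indicators
        rec = per_proc[image.lower()]
        rec["first_seen"] = min(ts, rec["first_seen"] or ts)  # ISO timestamps sort as text
        if name == RANSOM_NOTE:
            rec["note"] = target
        else:
            rec["encrypted"].append(target)
    findings = []
    for image, rec in per_proc.items():
        # Report a process that wrote the ransom note or renamed several files.
        if not rec["note"] and len(rec["encrypted"]) < min_files:
            continue
        dirs = sorted({str(PureWindowsPath(p).parent) for p in rec["encrypted"]})
        findings.append({"process": image, "first_seen": rec["first_seen"],
                         "encrypted_count": len(rec["encrypted"]),
                         "affected_dirs": dirs, "ransom_note": rec["note"],
                         "runs_from_temp": TEMP_MARKER in image})
    return findings
```

The `affected_dirs` and `first_seen` fields give a starting scope and time window for restoring from backups.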

