November 30, 2023

A new ransomware called Vovalex is being distributed through pirated software that impersonates popular Windows utilities, such as CCleaner.

According to the D website,  Dlang is inspired by C++ but shares components from other languages.

“D is the culmination of decades of experience implementing compilers for many diverse languages, and attempting to construct large projects using those languages. D draws inspiration from those other languages and tempers it with experience and real world practicality,” states the D website.

The shared sample analyzed by BleepingComputer is distributed as a warez copy of the CCleaner Windows utility, as can be seen by the bundled NFO file below.

NFO file for a pirated copy of CCleaner

When executed, the ransomware will launch a legitimate CCleaner installer and copy itself to the random file name in the %Temp%folder.

CCleaner installer

CCleaner installer

The ransomware will begin to encrypt files on the drive and append the .vovalex extension to encrypted file’s names.

Vovalex encrypted files

When done, the ransomware will create a ransom note named README.VOVALEX.txt on the desktop that asks for 0.5 XMR (Monero) to retrieve a decryptor. This amount is equal to approximately $69.54 at current prices.

At this time, it is unknown if researchers can decrypt the ransomware for free. But not widely spread as of now

Tags:

Leave a Reply

You may have missed

BlueVoyant Acquires Conquest Cyber

November 30, 2023

Google Fixes Sixth Chrome ZeroDay of 2023

November 29, 2023

Ardent Health Services affected by a cyber incident

November 29, 2023

GE and DARPA – Claimed Hack raises concerns

November 28, 2023

POC released for Splunk Enterprise Vulnerability- CVE-2023-46214

November 28, 2023

AWS Detective adds new Capabilities

November 27, 2023
%d bloggers like this: