Viro Ransomware
Posted: July 19, 2017
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 46 |
| First Seen: | July 19, 2017 |
| OS(es) Affected: | Windows |
The Viro Ransomware is a Trojan and worm that includes attacks for locking your local files, collecting information, and making copies of itself for circulation. To protect their media, PC users can back up their work or use free decryption tools to try to break the Viro Ransomware's cipher. Because of its multifaceted applications, malware experts recommend that you isolate any infected PCs and use anti-malware tools for uninstalling the Viro Ransomware before re-securing both your work and your private information.
When an Entire Family of Trojans is Just One Puzzle Piece
The makers of threatening software in general, and of file-locking Trojans in particular, often don't see the necessity of doing more than rebranding an old program for new purposes. On occasion, however, malware experts find one or more threat actors who put real effort into their programming. With the Viro Ransomware, the newest variant of a Trojan family known for its encryption capabilities, the author seems intent on using the Trojan as an all-in-one means of self-distribution, ransoming files and collecting information.
The Viro Ransomware's encryption component still uses most of the previous code of Hidden Tear and blocks the victim's files, such as documents, by modifying them with an AES-based cipher. When it completes this task, it resets the desktop's wallpaper to a custom image of Jesus Christ, albeit with the face replaced. It displays its ransom alert and demands in a pop-up window, which asks for an unspecified amount of money in exchange for the password for restoring your files.
Malware experts are more concerned with the Viro Ransomware's other functions, which are less likely to appear in any given variant of Hidden Tear. The Viro Ransomware also doubles as a worm that could duplicate its executable file and distribute it through means such as peripheral devices, which would allow it to compromise other PCs that share storage drives or are accessible over local network connections. The Viro Ransomware also monitors the user's Web-browsing history in multiple browsers and records it to log files that it uploads to the threat actor's server.
Fending Off a Multiple-Front Trojan Assault
The Viro Ransomware shows several signs of not being ready for release into the wild, for now. The 'worm' portion of the Viro Ransomware's code requires further work for completion, and the Trojan's ransom notes contain limited information for the victim to use for paying. However, the Viro Ransomware's spyware behavior does function as intended. Malware analysts also estimate that the Viro Ransomware may be using keylogging behavior that could record the user's keyboard input and give access to other content not covered by its browser-specific feature, such as various passwords.
When dealing with any threat that could include worm-related features, malware experts always recommend disabling the PC's network connections and limiting any access to storage devices. The Viro Ransomware could use either means to infect other systems with limited consent from their users. Most anti-malware products able to delete Hidden Tear's previous versions should also remove the Viro Ransomware without issues, and free decryption tools are available for victims who lack backups.
Ransoms aren't the only things at stake with Viro Ransomware infections. As threat actors grow more concerned with profiting from single infections by any means necessary, victims will need to consider everything they could lose in an attack, ranging from their saved work to their online accounts.