
Rewterz Threat Alert – Virlock Ransomware – Active IOCs

Severity

High

Analysis Summary

Virlock is a file-infecting ransomware that was first observed in 2014 and reappeared in 2016 and 2017. Each reappearance brought new capabilities, showing that the threat actors continually develop and update the malware; in 2016 it gained the ability to spread through shared applications and cloud storage. During the initial stage of an infection, the ransomware drops three instances of itself, each with its own obfuscation and persistence technique. By varying the functionality implemented by each instance, Virlock aims to ensure that all three evade signature-based detection. Like other ransomware, Virlock demands a Bitcoin payment from the victim in exchange for decrypting the affected files.

Impact

  • File Encryption

Indicators of Compromise

MD5

  • 894e2f3752d0ee54d3b66f2769d4bc6a

SHA-256

  • f2a8bfad87ca97c18a21518b837744fb40d09daa6d56ef50afd206b4d13f6366

SHA-1

  • 2edac3e1a748e767b30caa93365c6dc5923cf07b

Remediation

  • Never open attachments or links received from unknown senders.
  • Search for the listed IOCs in your environment.
  • Block the threat indicators at your respective security controls.
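The following is an added example of how a defender could sweep a file system for the hashes listed in this alert; it is not part of the original advisory and not a Rewterz tool. It embeds the three indicators above, hashes every file under a given root with MD5, SHA-1 and SHA-256 in one pass, and reports any file whose digest matches. Note that Virlock is a file infector whose dropped instances differ in obfuscation, so exact-hash matching only catches the specific samples listed here; treat a clean result as "these samples are absent", not as "Virlock is absent".

```python
#!/usr/bin/env python3
"""Sweep a directory tree for the Virlock hash indicators from the alert.

Added example, not the advisory's own code. The IOC values are those
listed in the alert; everything else (function names, sample file) is
constructed for illustration.
"""
import hashlib
import os
import sys
import tempfile
from pathlib import Path

# Indicators from the alert (MD5, SHA-1, SHA-256), lower-case hex.
VIRLOCK_IOCS = {
    "894e2f3752d0ee54d3b66f2769d4bc6a",
    "2edac3e1a748e767b30caa93365c6dc5923cf07b",
    "f2a8bfad87ca97c18a21518b837744fb40d09daa6d56ef50afd206b4d13f6366",
}


def file_digests(path):
    """Return (md5, sha1, sha256) hex digests of a file, streamed in 1 MiB chunks."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest()


def scan_tree(root, iocs=VIRLOCK_IOCS):
    """Walk root and return [(path, algorithm, digest)] for files matching an IOC.

    Unreadable or locked files are skipped rather than aborting the sweep,
    which matters on a live host where the malware may hold files open.
    """
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = file_digests(path)
            except OSError:
                continue
            for algo, digest in zip(("md5", "sha1", "sha256"), digests):
                if digest in iocs:
                    hits.append((path, algo, digest))
    return hits


def self_check():
    """Exercise the scanner on a constructed benign file in a temp directory.

    Returns the (empty) match list against the alert's IOCs, plus a positive
    match obtained by feeding the file's own SHA-256 back in as the IOC set.
    """
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample.bin"
        # Constructed content; this is not a Virlock sample.
        sample.write_bytes(b"constructed benign content for the self-check\n")
        clean = scan_tree(tmp)
        own_sha256 = file_digests(sample)[2]
        hits = scan_tree(tmp, iocs={own_sha256})
    return {
        "clean": clean,
        "hits": [(algo, digest) for _, algo, digest in hits],
        "own_sha256": own_sha256,
    }


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algo, digest in scan_tree(root):
        print(f"MATCH {algo} {digest} {path}")
```

Run it as `python3 virlock_sweep.py /path/to/scan`; any line printed is an exact match against one of the alert's hashes and should be handled as a confirmed Virlock sample on that host.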