A new ransomware called Vovalex is being distributed via pirated software masquerading as popular Windows utilities such as CCleaner. When it comes down to it, all ransomware infections boil down to the same function: encrypting files on a device and then sending a ransom note demanding payment in some way.
According to the security researchers who discovered it, it could be the first ransomware written in D. It should be noted that the D language is fed by others, mainly C ++, with some additions that offer it greater practicality. Vovalex, according to the researchers behind its discovery, would be the first ransomware written in this language. It was first discovered by MalwareHunterTeam.
What does Vovalex do and how does it work?
This threat runs as if it were a legitimate installer. For example from the CCleaner program, as we mentioned earlier. It will then be copied to the system and will begin to encrypt files on the drive and add the .vovalex extension to all of them. Once it has finished its process, and as usual in malware of this type, it adds a ransom note on the Windows Desktop that it will call README.VOVALEX.txt. A simple text file where it informs the victim of how to regain control of the files.
Fortunately, Vovalex is not widely distributed at this time. If threat actors are associated with fake crack sites and adware bundles, similar to how ransomware is distributed, then we may have a bigger problem on our hands, so the best we can do is download only from official pages, as we always say, be very careful when surfing the net and more care when downloading.
Other reads:
Rogue Software – Fake Security Programs
