Do you remember the Mirai Botnet that ravaged the telecommunication sector in 2016? Do you know what a botnet is?
What Is a Botnet?
In a botnet attack, the affected computers are linked together as part of a chain of digital slaves where these computers can be controlled to perform any action. Thus, if your computer becomes a part of the botnet, then it can be misused to entrap your family and friends while you may be unaware of the malware’s existence during these nefarious machinations.
In mid-September, ransomware removal experts discovered a unique ransomware strain known as Virobot Ransomware. What makes it distinct from other malware is the presence of botnet functionality among its components. This has been marked as a highly worrying development, as this kind of sophistication in ransomware campaigns may pose added dangers to businesses operating with IoT equipment.
The ransomware mainly targets US users, similar to the Mirai botnet. It is distributed by email, and affected victims are enslaved into the botnet's circle. The ransomware corrupts Windows registry keys, after which it takes control of the system and begins the encryption process.
Encryption keys are generated so that the locked data is assigned unique keys, while a decryption key is sent to the command and control center of the cybercriminal group. The cybercriminals also use PowerShell to run system-related commands.
Subsequently, the ransomware opens the victim's Microsoft Outlook email service and initiates spam email campaigns, sending malicious emails to individuals from the victim's contact list. Ransomware removal experts also noted a keylogging component that forwards any information typed by the user to the cybercriminal group.
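From a defender's side, the contact-list spamming described above shows up as one internal account sending the same attachment to many distinct recipients in a short time. The following is an added detection sketch, not code from the original article; the pipe-separated log format, addresses, attachment tags and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed mail-gateway log (hypothetical format, not from any real product):
# timestamp|sender|recipient|attachment_tag   ("-" means no attachment)
SAMPLE_LOG = """\
2024-01-01T10:00:00|alice@example.test|u1@example.test|aa11
2024-01-01T10:00:20|alice@example.test|u2@example.test|aa11
2024-01-01T10:00:40|alice@example.test|u3@example.test|aa11
2024-01-01T10:01:00|alice@example.test|u4@example.test|aa11
2024-01-01T10:01:30|alice@example.test|u5@example.test|aa11
2024-01-01T10:02:00|bob@example.test|u1@example.test|bb22
2024-01-01T10:03:00|bob@example.test|u2@example.test|bb22
2024-01-01T09:00:00|carol@example.test|u1@example.test|cc33
2024-01-01T09:40:00|carol@example.test|u2@example.test|cc33
2024-01-01T10:20:00|carol@example.test|u3@example.test|cc33
2024-01-01T11:00:00|carol@example.test|u4@example.test|cc33
2024-01-01T10:00:00|dave@example.test|u1@example.test|-
2024-01-01T10:00:05|dave@example.test|u2@example.test|-
2024-01-01T10:00:10|dave@example.test|u3@example.test|-
2024-01-01T10:00:15|dave@example.test|u4@example.test|-
"""

def find_fanout(lines, window=timedelta(minutes=5), min_recipients=4):
    """Map (sender, attachment) -> peak distinct recipients inside any
    sliding window, for senders that reach min_recipients."""
    events = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, sender, rcpt, att = line.strip().split("|")
        if att == "-":          # plain mail is out of scope for this check
            continue
        events[(sender, att)].append((datetime.fromisoformat(ts), rcpt))
    hits = {}
    for key, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Shrink the window until it spans at most `window` of time.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            rcpts = {r for _, r in evs[start:end + 1]}
            if len(rcpts) >= min_recipients:
                hits[key] = max(hits.get(key, 0), len(rcpts))
    return hits

if __name__ == "__main__":
    for (sender, att), n in find_fanout(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {sender} sent attachment {att} to {n} recipients")
```

The same attachment sent slowly over hours (carol) or to only a couple of recipients (bob) stays below the threshold, so both values need tuning against normal mailing-list and newsletter traffic.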
Interestingly, in spite of its English-speaking target audience, the ransom note accompanying Virobot Ransomware consisted of text written in French. Security experts are working hard to develop a removal tool for Virobot.