According to a security report published by Trend Lab, a new botnet ransomware, Virobot, is spreading through Microsoft Outlook. The report notes that the malware combines botnet and ransomware features and spreads through Microsoft Outlook as spam.
“Viro botnet was first observed in the wild on September 17, 2018, seven days after we analyzed a ransomware variant that imitates the notorious Locky ransomware. Once Viro botnet is downloaded to a machine, it will check the presence of registry keys (machine GUID and product key) to determine if the system should be encrypted. The ransomware then generates an encryption and decryption key via a cryptographic Random Number Generator. Together with the generated key, Viro botnet then sends the machine-gathered data to its C&C server via POST.”
Trend Micro also said that Virobot can record the number of times a user taps the keyboard and share sensitive data such as credit card information and passwords. The keylogger also sends this information to the C&C server. To prevent infection, make sure you don’t open attachments from unreliable sources.