This is getting real, folks! New Hybrid Ransomware Replicates Like A Virus!

The SophosLabs blog reported on a new ransomware strain with a difference: this one is a true self-replicating parasitic virus! They call it VirRansom.


This new strain is a hybrid that combines CryptoWall-like functionality with active self-replicating virus infections of all files it can find. And like the cybercrime Reveton family of malware, it locks the PC's main screen demanding 0.619 Bitcoin (currently $217.07) to let you back in. Yikes.

To quote Sophos: "Worms vs. Parasitics: Most worms leave you with one, or perhaps a handful, of infected files that weren't there before and need to be deleted.

"Parasitic viruses, in contrast, may leave you with hundreds of infected files on each computer, or thousands, or more. If you leave even one of those infected files behind after a clean-up, the infection will start up all over again.

"Worse still, the infected files can't just be deleted, because they are your own files that were there before the infection started. That makes cleanup much trickier."

The good news: The file encryption is not as advanced as CryptoWall's, as the key to decrypt the files is contained in the malware itself. Your antivirus should soon be able to decrypt the files and restore them, unless the bad guys are constantly changing the encryption keys, in which case it may take a day or more before your AV catches up.

The bad news: This is a full-fledged virus which will spread across your network, and doing a less than perfect job on the disinfection can easily lead to reinfection of your whole network.

CryptoWall-encrypted files that you can't or don't decrypt are harmless garbage forever, but you can delete them. With VirRansom, files that you don't decrypt are still recoverable, but also still actively infectious.

It gets nastier all the time. You can expect a VirRansom 2.0 soon, where they might implement "new features" such as industrial-strength encryption like CryptoWall's, where you only get the decryption keys after payment, and things like infection of your email server, where emails are converted to a worm for maximum dissemination of their malcode. (Think about the legal ramifications of something like this.)

Starkville Computers can mitigate these types of threats through both technical measures and security policy enforcement.