Threat Database Ransomware VirLock Ransomware

VirLock Ransomware

By CagedTech in Ransomware

Threat Scorecard

Ranking: 16,753
Threat Level: 100 % (High)
Infected Computers: 155
First Seen: December 10, 2014
Last Seen: August 26, 2023
OS(es) Affected: Windows

VirLock Ransomware Image

The VirLock Ransomware is a ransomware Trojan that takes computers hostage and then demands payment from the computer users using BitCoin, a crypto-currency that is known for permitting anonymous online payments. The VirLock Ransomware will threaten computer users, claiming that the VirLock Ransomware has found pirated software on the infected computer and threatening to report the victim to the authorities unless the fine is paid. These claims have no basis. The VirLock Ransomware cannot check your computer for pirated software or alert the authorities. Rather, the VirLock Ransomware is engineered to lock down your computer and prevent access to your files. If the VirLock Ransomware has infected your machine, you should ignore all of its claims and its message and instead take steps to restore access to your computer calmly.

The VirLock Ransomware is Similar to Other Ransomware Deceiving Tactics

Ransomware tactics are social engineering attacks that use a powerful threat component to block all access to infected computers, combined with a threatening message that tries to convince computer users that they are being targeted by law enforcement or that they need to pay a ransom to regain access to the infected computer. Essentially, the VirLock Ransomware blackmails computer users, claiming that the VirLock Ransomware will report them to the authorities for having pirated software on their computers. Unfortunately, since pirated software and media are becoming increasingly common, many computer users will be guilt-tripped into believing the VirLock Ransomware tactic. In many cases, computer users may be convinced that there is pirated content on their computers without their knowledge, often due to their lack of experience handling a computer or using the Internet. Threats such as the VirLock Ransomware prey on inexperienced computer users who may not be aware of how pirated software and law enforcement involvement online works.

Following the VirLock Ransomware Attack

The VirLock Ransomware attack follows the same pattern as most Ransomware Trojans. The following are the steps that the VirLock Ransomware infection usually takes to infect a computer:

  1. The VirLock Ransomware infection is a Trojan. This means that the VirLock Ransomware cannot spread on its own, unlike other types of threats such as viruses or worms. Trojans like the VirLock Ransomware require other components to deliver them to the computer user's machine. Some ways in which the VirLock Ransomware Trojan may enter a computer include the use of exploit kits contained on attack websites, through other threat infections that install the VirLock Ransomware infection or social engineering. This last strategy is the simplest and the most effective, using spam email attachments or disguising the VirLock Ransomware executable file as something else and distributing it online through lies and deception.
  2. Once the VirLock Ransomware Trojan infects a computer, the VirLock Ransomware makes harmful changes to the infected computer. These changes allow the VirLock Ransomware Trojan to block all access to the infected computer. When the computer user starts up the infected machine, the VirLock Ransomware will prevent the affected computer from loading the Windows Desktop, Explorer, Task Manager, or other utilities that would allow a computer to access their files and applications.
  3. Instead, the VirLock Ransomware displays a full screen message. The VirLock Ransomware message claims that the computer user's machine contains pirated software. The VirLock Ransomware threatens to report the victim to the authorities unless payment is made following the instructions in the message. The instructions in the VirLock Ransomware message are a brief guide to buying and making payments with BitCoin.

Paying the VirLock Ransomware ransom will not result in the removal of the VirLock Ransomware infection, or guarantee that the VirLock Ransomware will not return. Because of this, security analysts counsel computer users to avoid making the VirLock Ransomware payment. Instead, alternate start-up methods should be used to gain access to the infected computer and then a reliable security program should be used to remove the VirLock Ransomware completely.

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
McAfee Trojan-FFGO!8803D517AC24
Kaspersky Trojan-Downloader.Win32.Geral.bgab
McAfee Trojan-FFGO!0522C889F96C
AhnLab-V3 Trojan/Win32.Katusha
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cc
Kaspersky Trojan-Downloader.Win32.Geral.bdem
Kaspersky Trojan-Downloader.Win32.Geral.bhyq
McAfee Trojan-FFGO!9C7A6F0BC3A9
CAT-QuickHeal TrojanDownloader.Geral.r1 (Not a Virus)
AhnLab-V3 Trojan/Win32.Agent
Microsoft Virus:Win32/Nabucur.gen!A
Antiy-AVL Trojan[Dropper]/Win32.Demp
F-Prot W32/S-7136ec3b!Eldorado
McAfee-GW-Edition BehavesLike.Win32.IRCBot.dc
Kaspersky Trojan-Dropper.Win32.Demp.afwh

SpyHunter Detects & Remove VirLock Ransomware

File System Details

VirLock Ransomware may create the following file(s):
# File Name MD5 Detections
1. qQMIwwMA.exe e2a6041309fa84fcb092ed9378363668 4
2. file.exe 62feaf87ce183b1a900471cc50aaedb4 4
3. tEwkkIIo.exe 4a9b4f250105fc5399f7592ce7451e67 3
4. tEwkkIIo.exe 66197f7baf42db37f35074bbad0c13ea 3
5. ECEkMkMk.exe fae49fe8f00dbea695c0279538606ee1 3
6. DUokEEgU.exe 623ee7285d0c215de78cec880e30eb33 3
7. DarkEye2.exe 04963b5d27d46e01b9ca833afb6f682d 2
8. tEwkkIIo.exe 8fa522c40c73e3602296ca5258d08183 2
9. tEwkkIIo.exe afc7afad43c58d1697d79ffc46a2e36b 1
10. TOgggoow.exe 88a84f378a69e78ca1c31169c935acbf 1
11. tEwkkIIo.exe d4c70ce329a76fac168a8124f4cc6812 1
12. TOgggoow.exe fa0df0dd3b38d5b615804b7f2798bd75 1
13. tEwkkIIo.exe 5492a6daed9cb8e8af3e8c7b68eebd44 1
14. tEwkkIIo.exe ad0b79598830142310ea1bfec614cc2f 1
15. TOgggoow.exe 2621ad3590f078b860e484bcf786a06c 1
16. tEwkkIIo.exe 79470669bb0953071f58c580d209e05a 1
17. tEwkkIIo.exe 79735a9a073e1378b49d718984f1517e 1
18. tEwkkIIo.exe 3d20694b56806b43429f39647f514f7a 1
19. TOgggoow.exe ed5351ebb5534933c175d1ad2e32fe47 1
20. tEwkkIIo.exe 51e9a6c434a0b34ffb27ffa0204f8a08 1
21. TOgggoow.exe 283ccd93d21abbbac713f6edf98f24fe 1
22. TOgggoow.exe 161ffeaebc823c72c65b0f10a268e399 1
23. tEwkkIIo.exe 5ff3347161face8743214ed24d29bd1b 1
24. TOgggoow.exe d51afc50401e3298542cde07b96d8610 1
25. TOgggoow.exe 1ec6d6e9c339201a74beefb31077ddc1 1
26. file.exe dad7cc2d6e75084f4be64b4210ef1a8a 0
27. File.exe b256530bd715266482ccc9af0f3e511d 0
28. File.exe fe5baed5528d7814b510d903a56d8981 0
More files

Registry Details

VirLock Ransomware may create the following registry entry or registry entries:
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gsQoAIAM.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NmYcsoAc.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PywYQwIg.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qEoYgUIU.exe
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\gsQoAIAM.exe
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NmYcsoAc.exe
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\qEoYgUIU.exe

Directories

VirLock Ransomware may create the following directory or directories:

%ALLUSERSPROFILE%\dekAoYQc
%ALLUSERSPROFILE%\dqcMAIgw
%ALLUSERSPROFILE%\pCUcwEQc
%USERPROFILE%\cQkcgwQg

Messages

The following messages associated with VirLock Ransomware were found:

NATIONAL SECURITY BUREAU Your computer was automatically blocked. Reason: Pirated software found on this computer. Your computer is now blocked. 7 files have been temporarily blocked on your computer. To regain computer access and restore files you are required to pay a 250 USD Blocked files will be permanently removed from your computer if the fine is not paid. The NSB has two ways to pay a fine: 1.You can pay your fine online through BitCoin. BitCoin is available nationwide. Click the tabs below to find the nearest vendor. Your computer will be unlocked after you make your payment Your computer will be unlocked within 4-5 working days. To regain access transfer bitcoins to the following address (click to copy): 198tX7NmLg6o8qcTT2Uv9cSBVzN3oEozpv After the payment is finalized enter Transfer ID below. Amount: Transfer ID: BTC 0.652 PAY FINE If the fine is not paid, a warrant will be issues for your arrest, Which will be forwarded to your local authorities. You will be charged, fined, convicted for up to 5 years. Payment

Related Posts

Trending

Most Viewed

Loading...