VirLock Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
Ranking: 16,753
Threat Level: 100 % (High)
Infected Computers: 155
First Seen: December 10, 2014
Last Seen: August 26, 2023
OS(es) Affected: Windows

The VirLock Ransomware is a ransomware Trojan that takes computers hostage and then demands payment from computer users in Bitcoin, a cryptocurrency known for permitting anonymous online payments. The VirLock Ransomware threatens computer users by claiming that it has found pirated software on the infected computer and that it will report the victim to the authorities unless the fine is paid. These claims have no basis: the VirLock Ransomware cannot check your computer for pirated software or alert the authorities. Rather, the VirLock Ransomware is engineered to lock down your computer and prevent access to your files. If the VirLock Ransomware has infected your machine, you should ignore all of its claims and its message and instead calmly take steps to restore access to your computer.
The VirLock Ransomware is Similar to Other Ransomware Deceiving Tactics
Ransomware tactics are social engineering attacks that use a powerful threat component to block all access to infected computers, combined with a threatening message that tries to convince computer users that they are being targeted by law enforcement or that they need to pay a ransom to regain access to the infected computer. Essentially, the VirLock Ransomware blackmails computer users, claiming that it will report them to the authorities for having pirated software on their computers. Unfortunately, since pirated software and media are becoming increasingly common, many computer users will be guilt-tripped into believing the VirLock Ransomware tactic. In many cases, computer users may be convinced that there is pirated content on their computers without their knowledge, often due to their lack of experience handling a computer or using the Internet. Threats such as the VirLock Ransomware prey on inexperienced computer users who may not be aware of how pirated software and online law enforcement involvement work.
Following the VirLock Ransomware Attack
The VirLock Ransomware attack follows the same pattern as most Ransomware Trojans. The following are the steps that the VirLock Ransomware infection usually takes to infect a computer:
- The VirLock Ransomware infection is a Trojan. This means that the VirLock Ransomware cannot spread on its own, unlike other types of threats such as viruses or worms. Trojans like the VirLock Ransomware require other components to deliver them to the computer user's machine. Some ways in which the VirLock Ransomware Trojan may enter a computer include the use of exploit kits contained on attack websites, through other threat infections that install the VirLock Ransomware infection or social engineering. This last strategy is the simplest and the most effective, using spam email attachments or disguising the VirLock Ransomware executable file as something else and distributing it online through lies and deception.
- Once the VirLock Ransomware Trojan infects a computer, the VirLock Ransomware makes harmful changes to the infected computer. These changes allow the VirLock Ransomware Trojan to block all access to the infected computer. When the computer user starts up the infected machine, the VirLock Ransomware will prevent the affected computer from loading the Windows Desktop, Explorer, Task Manager, or other utilities that would allow the computer user to access their files and applications.
- Instead, the VirLock Ransomware displays a full-screen message. The VirLock Ransomware message claims that the computer user's machine contains pirated software. The VirLock Ransomware threatens to report the victim to the authorities unless payment is made following the instructions in the message. The instructions in the VirLock Ransomware message are a brief guide to buying and making payments with Bitcoin.
Paying the VirLock Ransomware ransom will not result in the removal of the VirLock Ransomware infection, or guarantee that the VirLock Ransomware will not return. Because of this, security analysts counsel computer users to avoid making the VirLock Ransomware payment. Instead, alternate start-up methods should be used to gain access to the infected computer and then a reliable security program should be used to remove the VirLock Ransomware completely.
Aliases
15 security vendors flagged this file as malicious.
Anti-Virus Software | Detection |
---|---|
McAfee | Trojan-FFGO!8803D517AC24 |
Kaspersky | Trojan-Downloader.Win32.Geral.bgab |
McAfee | Trojan-FFGO!0522C889F96C |
AhnLab-V3 | Trojan/Win32.Katusha |
McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.cc |
Kaspersky | Trojan-Downloader.Win32.Geral.bdem |
Kaspersky | Trojan-Downloader.Win32.Geral.bhyq |
McAfee | Trojan-FFGO!9C7A6F0BC3A9 |
CAT-QuickHeal | TrojanDownloader.Geral.r1 (Not a Virus) |
AhnLab-V3 | Trojan/Win32.Agent |
Microsoft | Virus:Win32/Nabucur.gen!A |
Antiy-AVL | Trojan[Dropper]/Win32.Demp |
F-Prot | W32/S-7136ec3b!Eldorado |
McAfee-GW-Edition | BehavesLike.Win32.IRCBot.dc |
Kaspersky | Trojan-Dropper.Win32.Demp.afwh |

File System Details
Registry Details
Directories
VirLock Ransomware may create the following directory or directories:
%ALLUSERSPROFILE%\dekAoYQc
%ALLUSERSPROFILE%\dqcMAIgw
%ALLUSERSPROFILE%\pCUcwEQc
%USERPROFILE%\cQkcgwQg