
Viro Botnet Ransomware

By GoldSparrow in Ransomware

The Viro Botnet Ransomware is an encryption ransomware Trojan that seems to have originated in France. It was first observed on September 15, 2018. It uses a ransom note written in French and is a variant of HiddenTear, a well-known open source ransomware Trojan that has spawned numerous variants. The Viro Botnet Ransomware is delivered to victims as a malicious file named 'Office Updater.exe,' which tricks computer users into believing that it is part of an update for Microsoft Outlook.

A Fortified Version of a Hidden Tear-Based Ransomware is on the Road

The Viro Botnet Ransomware uses AES-256 encryption to make the victim's files inaccessible. It targets user-generated files, which may include files with the following file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The Viro Botnet Ransomware delivers its ransom note in a text file named 'README.txt,' which demands that the victim pay a large ransom of €500 in Bitcoin to recover the compromised files. The ransom note, which is also delivered as an HTA program window, reads:

'Vos fichiers personnels ont été chiffré.
Pour les déchiffrer, envoyez 500€ de bitcoins à cette adresse : 1BoatSLRHtKNngkdXEeobR76b53LETtpyT
Toute tentative de destruction de ce logiciel entraînera la destruction de la clé de déchiffrement.
Toute tentative de déchiffrement avec une clé erronée entraînera la perte définitive de vos fichiers.
Vous avez 72 heures pour effectuer le paiement. Après quoi, la clé de déchiffrement sera supprimée.
Clé de déchiffrement : [TEXT BOX]
[Déchiffrer mes fichiers|BUTTON]'

The Viro Botnet Ransomware ransom note translated into English:

'Your personal files have been encrypted.
To decrypt them, send 500€ in bitcoins to this address:
1BoatSLRHtKNngkdXEeobR76b53LETtpyT
Any attempt to destroy this software will destroy the decryption key.
Any attempt to decrypt with a wrong key will result in the permanent loss of your files.
You have 72 hours to make the payment.
After that, the decryption key will be deleted.
Decryption key: [TEXT BOX]
[Decrypt my files|BUTTON]'

Protecting Your Data from the Viro Botnet Ransomware

The best protection against threats like the Viro Botnet Ransomware is to have file backups stored on password-protected devices. Apart from file backups, PC security researchers also advise computer users to install a security program that is fully updated and capable of intercepting the Viro Botnet Ransomware. Since the Viro Botnet Ransomware is delivered to victims mainly through fake software updates, it is important to ensure that any software you download and install comes from a reputable source rather than a third party.


File System Details

Viro Botnet Ransomware may create the following file(s):
#   File Name   MD5                                Detections
1.  file.exe    84e0ecd39bf33fc142c77bc9fb59655f   0
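
A triage sketch built from the indicators on this page, added here as an example and not code from the original article or from any security product: it walks a directory tree and flags README.txt files that contain the note's payment address or opening words, files named 'Office Updater.exe', and executables whose MD5 matches the hash listed above. The function names, reason labels and case-insensitive name matching are assumptions of this example.

```python
import hashlib
import os
import sys

# Indicators copied from this page. Markers are ASCII-only byte strings because
# the page does not state the note's text encoding.
NOTE_NAME = "readme.txt"
NOTE_MARKERS = (
    b"1BoatSLRHtKNngkdXEeobR76b53LETtpyT",  # payment address in the note
    b"Vos fichiers personnels ont",          # opening words of the French note
)
DROPPER_NAME = "office updater.exe"
KNOWN_MD5 = frozenset({"84e0ecd39bf33fc142c77bc9fb59655f"})  # listed as file.exe


def md5_of(path, chunk=1 << 20):
    """Hash in chunks; MD5 only because that is the digest the page publishes."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan(root, known_md5=KNOWN_MD5):
    """Walk root and return sorted (reason, path) pairs for each indicator hit."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path, lower = os.path.join(dirpath, name), name.lower()
            try:
                if lower == NOTE_NAME:
                    with open(path, "rb") as fh:
                        # Dropping NUL bytes lets ASCII markers match UTF-16 text.
                        body = fh.read(65536).replace(b"\x00", b"")
                    if any(marker in body for marker in NOTE_MARKERS):
                        findings.append(("ransom_note", path))
                if lower == DROPPER_NAME:
                    findings.append(("dropper_name", path))
                if lower.endswith(".exe") and md5_of(path) in known_md5:
                    findings.append(("known_md5", path))
            except OSError:
                continue  # locked or unreadable file: skip it and keep scanning
    return sorted(findings)


if __name__ == "__main__":
    for reason, path in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}\t{path}")
```

A filename match alone is a weak signal, so treat a "dropper_name" hit as a prompt to hash and inspect the file, not as a verdict.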
