Vovalex Ransomware Description
The Vovalex Ransomware is a file-locking Trojan that blocks the user's media, such as pictures and documents, by encrypting each file. The Vovalex Ransomware demands a Monero-based ransom and currently infects users by bundling itself with unofficial downloads of in-demand software, such as Registry cleaners. Users should avoid unofficial download resources like torrents, scan new files for threats, back up their work, and let anti-malware programs delete the Vovalex Ransomware on detection.
Newly-Unleashed Trojans Taking Advantage of Software Pirates
Downloading a premium version of a program might seem too much of a bargain to be true, and, in some cases, that's more than just second-guessing oneself. The Vovalex Ransomware campaign, a newly-released threat similar to the STOP Ransomware or the Crysis Ransomware (among others), is taking advantage of software pirates to find easy-to-plunder victims. The modus operandi after getting onto the computer is standard enough, though, and consists of not much more than encryption attacks and a ransom note.
The Vovalex Ransomware is a Windows threat that bundles itself with downloads of in-demand but illicit products, such as a cracked version of the Registry-cleaning tool, CCleaner. As part of its disguise, the installer does install the desired program, which provides the perfect distraction. Simultaneously, the Vovalex Ransomware starts encrypting and locking the user's pictures, documents, spreadsheets and other media.
The payload's final touches include 'vovalex' extensions on the hostage-taken files and a text ransom note in both English and Russian. The threat actor asks for what malware experts point out is a notably small ransom of seventy USD in Monero (instead of the more-popular Bitcoin cryptocurrency). With these facts, it's self-evident that the Vovalex Ransomware's developer plans on making money by compromising as many random victims as possible, emphasizing easy targets like home users and casual software pirates.
While potentially viable, the strategy contrasts with that of the Trojan families that target corporate and government networks and those that lock weakly-protected website servers.
Programming Innovation in Otherwise-Ignorable Trojan Projects
Users considering the Vovalex Ransomware's payload and distribution tactics may question the importance of the Trojan's campaign, which is comparable to a less-popular version of STOP Ransomware's Ransomware-as-a-Service. However, the Vovalex Ransomware samples under analysis confirm that the program's language is highly unusual: D, or Dlang. This language takes significant inspiration from C++, but this is the first time it's been put to work in a Trojan campaign, as far as malware researchers can determine.
Modern anti-malware services should delete the Vovalex Ransomware from infected systems and block infection attempts, regardless of the above facts. Malware experts also continue emphasizing backups on other systems or storage drives as essential for thwarting the Vovalex Ransomware's file-locking sabotage.
The Vovalex Ransomware seems relatively contained, for the moment, but could go global quickly and target users with all-too-believable installer shell games. When one download option results in widespread loss of precious files, there's little justifying software piracy, no matter the expense of the product.