Throughout the past few years, many consumers and businesses have come face to face with some form of ransomware. Even though some of these attacks have been successfully thwarted, most infections result in the Bitcoin ransom being paid without much delay. Virlock was bringing something new to the table, as this malware combines Bitcoin ransomware with file infection.

also read: Bitcoin Ransomware Education – TeslaCrypt

Virlock Is More Than Just Bitcoin Ransomware

As the name suggests, Virlock was about more than just encrypting computer files and demanding a Bitcoin ransom to be paid. To be more precise, the malware infects computer files and comes bundled with other types of malware that will wreak havoc on infected machines.

Detecting a threat like Virlock has been quite a hassle for antivirus programs and security experts, as the malware automatically modifies computer registry entries as soon as arrives on a computer. Not only do these modifications prevent detection of the threat, but it also ensures Virlock remains operational at any given time.

But this Bitcoin ransomware was quite clever in its own right, as it would lock the screen of the affected computer, preventing users from doing anything else but follow the on-screen directions. Speaking of which, the malware could check the location of the infected computer and display an appropriate ransom message, making it look like an official notice from law enforcement taking over the computer.

As if the threat of ransomware itself is not worrying enough, Virlock managed to trick users into executing infected files, which would only unleash more hell on the computer. Users who did not see the ransomware message pop up would remain blissfully unaware of this infection, putting sensitive data at risk.

This powerful and potent combination of tools, wrapped around a polymorphic form of malware, claimed a lot of victims in the United States. China, Australia, Canada, and The Philippines were in the top five of targeted regions as well. Considering how Virlock could infect entire computer networks, it is not hard to see why this ransomware started appearing all over the world.

Staying true to its polymorphic nature, VirLock would change the ransom amount every time. It took quite some time until security experts came up with a tool to thwart most of these attack vectors, yet the malware remains a threat to this very day. The only precaution users can take is limiting the number of computers they connect removable drives to.

Source: Trend Micro

Images credit 1,2

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.