Sophos, a computer security software and hardware company, has presented an analysis on the difference between the standard type of ransomware and a new type that has appeared to be a quite sophisticated piece of malware. They call it VirRansom.
What the Typical Ransomware Does
Typically, ransomware is malware which locks the infected computer and demands payment (a ransom) in order to remove the restriction. Some types of ransomware may simply lock your computer and display messages asking for ransom. Others, however, encrypt specific files on your hard drive.
Ransomware usually sneaks into your system either via fake urgent emails to provoke you to open the infected file, or via zombie malware which is already on your computer waiting for instructions to download the ransomware.
What VirRansom Is All About
Unlike worms which add infected files into your system and deleting them will successfully clean it, parasitic viruses flood your computer with loads of infected files which can spread on other computers too. Even more, if you miss to clean only one of these files, the infection will start spreading all over again.
The tricky part with this hybrit parasite is that it doesn’t simply add infected files to your system – it infects your own ones, so deleting them is thus not an option. You must clean up each and every file carefully, by extracting the infection from it.
VirRansom not only infects your program files, but your data files too, which are then camouflaged as .exe files and the icons of these files appear the same as the original ones. This way, you can easily click on the infected files without being able to recognize any changes to them. By opening an infected file, you automatically allow the virus to start running, to install itself on your hard disk and to set a registry entry in order to be able to run by itself regardless of whether you have logged out or not.
Once you have let the virus in, it will start looking for other files to infect. Worse still, it will run two malware processes simultaneously which will look after each other. If one is killed, the other one restarts it. Finally, similarly to the Reveton family or malware, it gets to the point where it is ready to display the ransom message stating that your computer has been automatically blocked due to pirated software. On the other hand, it scrambles your files just like CryptoLocker family of malware does. And, you have to pay the fine of £150 in order to get your system back.
Regular anti-malware programs would simply not work here.