Types header


Name VirLock
Type Crypto Ransomware
Encryption Type RSA-2048
Short Description Similar to other ransomware variants, Virlock uses bitcoins nearly 250 GBP for payment. The payment is based on the location of the victim.
Symptoms Virlock not only infects documents and images but also infects binary files.
Distribution Method This file-infecting ransomware family integrates multi-layer protection codes for encoding which uses xor, xor-rol for a two-stage encryption where normal anti-virus cannot detect its existence.
Image  VirLock
More Details

After Infection Virlock spreads the codes internally where one copy of it makes itself run continuously as a Windows service and the other copy runs as a file infector, also an additional copy monitors all the processes pre-launched and re-launches if any process gets disturbed or terminated.

Virlock terminates task manager and other applications such as explorer. The infection does not need any internet connection to pop the payment window.

All the infected files are stored under a profile named %AllUsers%. This polymorphic virus holds various codes and all the decryption keys are uniquely generated for every instance.