ESET discovered new ransomeware VirLock

ESET has discovered a new type of malware under the name of Win32/VirLock. This new malware locks the screen of victim’s device and also acts as polymorphic parasitic virus infecting files on user’s device. To restore VirLock-infected files, victims can download and use ESET’s standalone cleaner. The virus infects the files by morphing them into encrypted executable containing the virus body.

Speaking about the discovery, Robert Lipovsky, Malware Researcher at ESET, said, “From a technical point of view, probably the most interesting part about VirLock is that the virus is polymorphic, meaning its body will be different for each infected file and also each time it’s executed. Moreover, our analysis has revealed multiple levels of encryption, which suggests that the malware author has truly played around with the code.”

This ransomeware is divided into two groups the LockSceerns and Filecoders. In some of the rare cases it takes a hybrid approach by both encrypting files and locking the screen by displaying a full screen message demanding ransom.