As security researchers have discovered, teams ransomware keep up with the trends of the IT industry and have created a new strain of ransomware for devices WindowsThe RegretLocker, capable of being encrypted data and on virtual disks.
Security company Malwarebytes reports that RegretLocker uses a clever trick to overcome the long time it took to encryption of the virtual disks of a machine.
The malware manages to close any files opened by a user and encrypt them.
X X X X X X X X X X X X X X X X David Ruiz, reported that the Chloé Messdaghi, Vice President in Point3 Security, describes RegretLocker as malware that "breaks the execution speed barrier to encrypting virtual files".
"RegretLocker actually occupies the virtual disk and is much faster to run than previous ransomware that attacks virtual files," he said.
Ruiz, however, said that despite the complexity of RegretLocker, he was quite ordinary in his appearance. He did not ask for a large ransom and he asked for them victims to communicate with attackers through e-mail.
The brief note received by the victims, entitled "HOW TO RESTORE FILES.TXT", Contained the following text:" Hello, friend. All your files are encrypted. If you want to restore them, send us an email: petro @ ctemplar.com.
Ruiz said RegretLocker treats virtual disks differently from other executives, who avoid these media because they are often too large and time-consuming.
"However, RegretLocker treats virtual disks differently. Uses functions OpenVirtualDisk, AttachVirtualDisk and GetVirtualDiskPhysicalPath to attach virtual disks as physical disks to Windows computers, ”Ruiz said.
"Once the virtual disk is inserted, RegretLocker encrypts the disk files individually, which speeds up the overall process." Malwarebytes researchers analyzed a sample of RegretLocker and found that it could work device is connected to Internet as well as offline.