It’s ransomware… It’s VIRLOCK
Craciun-etal-VB2015 Craciun-etal-VB2015
Statistics • Infected systems by Win32.Virlock.Gen.1/3 Virlock.Gen.1 China Russia USA Germany Iran Romania UK Canada Vietnam Virlock.Gen.3 Canada UK USA Australia Iran Romania Vietnam Germany 30.09.2015 www.bitdefender.com 30
Statistics • Areas with an increased number of affected files Country Gen.1 Gen.2 Gen.3 Gen.4 Gen.5 Canada 17.9% 0.07% 42.6% 0.07% - Vietnam 5.6% - 0.27% - 0.03% Iran 6.2% 0.02% 1.9% 0.45% - France 2.11% - - 0.36% - Netherlands 2.04% - - - - United Kingdom 1.96% - 2.22% - - 30.09.2015 www.bitdefender.com 31
- Page 1 and 2: It’s a file infector… It’s ra
- Page 3 and 4: Background • Most malware on toda
- Page 5 and 6: Ransomwares and file infectors Scre
- Page 7 and 8: Ransomwares and file infectors •
- Page 9 and 10: Ransomwares and file infectors •
- Page 11 and 12: Introducing Virlock • Virlock - h
- Page 13 and 14: Introducing Virlock File infection
- Page 15 and 16: Malware installation • Setting up
- Page 17 and 18: Malware installation • Getting to
- Page 19 and 20: Account password brute-force • A
- Page 21 and 22: Anti-analysis tricks • Detecting
- Page 23 and 24: Anti-analysis tricks • Decrypt E
- Page 25 and 26: Polymorphic engine • Basic reshap
- Page 27 and 28: Different malware versions • Simi
- Page 29: Statistics • Spreading of Win32.V
- Page 33: ? 30.09.2015 www.bitdefender.com 33
Statistics<br />
• Areas with an increased number of affected files<br />
Country Gen.1 Gen.2 Gen.3 Gen.4 Gen.5<br />
Canada 17.9% 0.07% 42.6% 0.07% -<br />
Vietnam 5.6% - 0.27% - 0.03%<br />
Iran 6.2% 0.02% 1.9% 0.45% -<br />
France 2.11% - - 0.36% -<br />
Netherlands 2.04% - - - -<br />
United Kingdom 1.96% - 2.22% - -<br />
30.09.2015 www.bitdefender.com 31
Change language