Vovalex is the first ransomware written in Dlang

Written by Brendan Smith
A new ransomware family called Vovalex spreads through pirated software disguised as popular Windows utilities, such as CCleaner.

The Vovalex ransomware has one feature that distinguishes it from other malware of this class. In functionality and operating principle, Vovalex is no different from other ransomware: it encrypts the victim’s files and then leaves a ransom note. However, researcher Vitali Kremez, who discovered the new ransomware, pointed out an interesting feature.

🏷️ D (or Dlang) is a general-purpose programming language with static typing, systems-level access, and C-like syntax. With the D Programming Language, write fast, read fast, and run fast.

According to the expert, Vovalex may be the first ransomware written in the programming language D. According to the description on the official website, the creators of D (or Dlang) were inspired by C++. However, D is also known to borrow a number of components from other languages. As a rule, cybercriminals do not use Dlang, but in this case, as Vitali Kremez suggested, the attackers are most likely trying to bypass detection by antivirus programs.

MalwareHunterTeam was the first to stumble upon Vovalex and posted a sample of the ransomware on VirusTotal. BleepingComputer [1] analyzed the sample and concluded that the ransomware is distributed as an illegal copy of the CCleaner utility for Windows systems. At startup, Vovalex opens a legitimate copy of the CCleaner installer and places a copy of itself under an arbitrary file name in the %Temp% directory.

Fake CCleaner Installer

After that, the malware starts encrypting files on the victim’s computer, adding the .vovalex extension to each of them. The last step is to copy a ransom note with the attackers' demands, README.VOVALEX.txt, to the desktop. The attackers ask for 0.5 XMR (Monero cryptocurrency) for a decryptor. In dollars, this amount is approximately $69.54.
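The three behaviours described above (an executable placed in %Temp%, files gaining the .vovalex extension, and README.VOVALEX.txt appearing on the desktop) can be correlated per host in file-event telemetry. The following Python is an added example, not code from the article or the researchers; the event tuple layout, host names, paths, thresholds and the default %Temp% location (AppData\Local\Temp) are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from ntpath import basename, splitext  # Windows path semantics on any OS

EXT, NOTE = ".vovalex", "readme.vovalex.txt"  # indicators named in the article
TEMP, DESKTOP = "\\appdata\\local\\temp\\", "\\desktop\\"  # assumed default paths

SAMPLE = [  # constructed events (ts seconds, host, action, path), not real telemetry
    (0, "PC-01", "create", r"C:\Users\ann\AppData\Local\Temp\qwzkx.exe"),
    (5, "PC-01", "rename", r"C:\Users\ann\Documents\report.docx.vovalex"),
    (6, "PC-01", "rename", r"C:\Users\ann\Documents\budget.xlsx.vovalex"),
    (7, "PC-01", "rename", r"C:\Users\ann\Pictures\cat.jpg.vovalex"),
    (9, "PC-01", "create", r"C:\Users\ann\Desktop\README.VOVALEX.txt"),
    (3, "PC-02", "create", r"C:\Users\bob\AppData\Local\Temp\setup_tmp.exe"),
]

def detect_vovalex(events, min_files=3, window=60.0):
    """Return {host: sorted indicator names} for hosts showing Vovalex traits.

    events: iterable of (ts, host, action, path) with action "create" or
    "rename". This schema is an assumption made for the example and does not
    correspond to any particular EDR or logging product.
    """
    hits = defaultdict(set)
    enc_times = defaultdict(list)
    for ts, host, action, path in sorted(events):
        path = path.lower()
        name = basename(path)
        if name == NOTE and DESKTOP in path:
            hits[host].add("ransom_note_on_desktop")
        elif splitext(name)[1] == EXT:
            enc_times[host].append(ts)
        elif action == "create" and name.endswith(".exe") and TEMP in path:
            hits[host].add("exe_dropped_in_temp")
    for host, times in enc_times.items():
        # Sliding window: min_files encrypted files within `window` seconds.
        for i in range(len(times) - min_files + 1):
            if times[i + min_files - 1] - times[i] <= window:
                hits[host].add("burst_of_vovalex_files")
                break
    # An .exe written to Temp is normal installer behaviour on its own, so a
    # host is reported only when a Vovalex-specific indicator is also present.
    return {h: sorted(i) for h, i in hits.items()
            if i - {"exe_dropped_in_temp"}}

if __name__ == "__main__":
    print(detect_vovalex(SAMPLE))
```

PC-02 in the sample is deliberately benign: it shows only the Temp executable, which is why it is not reported.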

Here is a summary for Vovalex:

Name: Vovalex Virus
Contacts: VovanAndLexus@cock.li
Ransom note: README.VOVALEX.txt
Extension: .vovalex
Detection [2]: Trojan-Ransom.Vovalex (A), Ransom:Win64/Vovalex.MK!MTB, TrojanRansom.Win64.Vovalex
Symptoms: Your files (photos, videos, documents) have a .vovalex extension and you can’t open them.

References

  1. Vovalex is likely the first ransomware written in D: bleepingcomputer.com
  2. Encyclopedia of threats.

About the author

Brendan Smith

Journalist, researcher, web content developer, grant proposal editor. Efficient and proficient on multiple platforms and in diverse media. Computer technology and security are my specialties.
