Vovalex is the first ransomware written in Dlang

Vovalex Ransomware
Vovalex Ransomware
Written by Brendan Smith
A new family of ransomware called Vovalex will spread through pirated software disguised as popular Windows utilities, such as CCleaner.
Brendan Smith
Brendan Smith
IT Security Expert
It is better to prevent, than repair and repent!
When we talk about the intrusion of unfamiliar programs into your computer's work, the proverb "Forewarned is forearmed" describes the situation as accurately as possible. Gridinsoft Anti-Malware is exactly the tool that is always useful to have in your armory: fast, efficient, up-to-date. It is appropriate to use it as an emergency help at the slightest suspicion of infection.
Gridinsoft Anti-Malware 6-day trial available.
EULA | Privacy Policy | 10% Off Coupon
Subscribe to our Telegram channel to be the first to know about news and our exclusive materials on information security.

The Vovalex ransomware has a special feature that distinguishes it from other malware of this class. In terms of functionality and operating principle, Vovalex is no different from other ransomware: it encrypts the victim’s files and then leaves her with a ransom note. However, researcher Vitaly Kremets, who discovered new ransomware, revealed an interesting feature.

๐Ÿท๏ธ D (or Dlang) is a general-purpose programming language with static typing, systems-level access, and C-like syntax. With the D Programming Language, write fast, read fast, and run fast.

According to the expert, Vovalex may be the first ransomware written in the programming language D. According to the description on the official website, the creators of D (or Dlang) were inspired by C ++. However, D is also known to borrow a number of components from other languages. As a rule, cybercriminals do not use Dlang, but in this case, as Vitaly Kremets suggested, the attackers are most likely trying to bypass detection by antivirus programs.

The MalwareHunterTeam team was the first to stumble upon Vovalex and posted a sample of the Vovalex ransomware on VirusTotal. The guys from BleepingComputer 1 analyzed the sample and came to the conclusion that the ransomware is distributed as an illegal copy of the CCleaner utility for Windows systems. During the startup process, Vovalex opens a legitimate copy of the CCleaner installer and places its copy with an arbitrary file name in the %Temp% directory.

Fake CCleaner Installer

Fake CCleaner Installer

After that, the malware starts encrypting files on the victim’s computer by adding the .vovalex extension to them. The last step is to copy a note with the requirements to the desktop – README.VOVALEX.txt. Attackers ask for 0.5 XMR (Monero cryptocurrency) for a decoder. In dollars, this amount is approximately $69.54.

Here is a summary for the Vovalex:
NameVovalex Virus
Ransomware note README.VOVALEX.txt
DetectionTrojan-Ransom.Vovalex (A), Ransom:Win64/Vovalex.MK!MTB, TrojanRansom.Win64.Vovalex
SymptomsYour files (photos, videos, documents) have a .vovalex extension and you can’t open it.
Fix ToolSee If Your System Has Been Affected by Vovalex virus
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)


  1. Vovalex is likely the first ransomware written in D: bleepingcomputer.com
Vovalex Ransomware
Vovalex Ransomware
Vovalex ransomware written in the programming language Dlang. It encrypting files by adding the .vovalex extension.

German Japanese Spanish Portuguese (Brazil) French Turkish Chinese (Traditional) Korean Indonesian

About the author

Brendan Smith

I'm Brendan Smith, a passionate journalist, researcher, and web content developer. With a keen interest in computer technology and security, I specialize in delivering high-quality content that educates and empowers readers in navigating the digital landscape.

With a focus on computer technology and security, I am committed to sharing my knowledge and insights to help individuals and organizations protect themselves in the digital age. My expertise in cybersecurity principles, data privacy, and best practices allows me to provide practical tips and advice that readers can implement to enhance their online security.

Leave a Reply