A new Botnet ransomware is currently spreading through Microsoft Outlook. The vulnerability was first discovered by TrendLabs who disclosed in a report that Virobot has both ransomware and botnet capabilities.
The vulnerability is spreading through a spam e-mail attack and is using Microsoft Outlook as the transportation route for the email.
Virobot was first observed in the wild on September 17, 2018, seven days after we analyzed a ransomware variant that imitates the notorious Locky ransomware. Once Virobot is downloaded to a machine, it will check the presence of registry keys (machine GUID and product key) to determine if the system should be encrypted. The ransomware then generates an encryption and decryption key via a cryptographic Random Number Generator. Together with the generated key, Virobot will then send the machine-gathered data to its C&C server via POST, mentioned Trend Micro.
Not only that, but Virobot can also record keystrokes and share the sensitive data like Credit Card details and Passwords. The keylogger sends these details to the C&C server. As a precaution, make sure you don’t open attachments from un-trusted sources.
source
