(http://i.postimg.cc/LXtcSwvN/Microsoft-_Outlook-_Logo.jpg)
A new Botnet ransomware is currently spreading through Microsoft Outlook. The vulnerability was first discovered by TrendLabs who disclosed in a report that Virobot has both ransomware and botnet capabilities.
The vulnerability is spreading through a spam e-mail attack and is using Microsoft Outlook as the transportation route for the email.
Virobot was first observed in the wild on September 17, 2018, seven days after we analyzed a ransomware variant that imitates the notorious Locky ransomware. Once Virobot is downloaded to a machine, it will check the presence of registry keys (machine GUID and product key) to determine if the system should be encrypted. The ransomware then generates an encryption and decryption key via a cryptographic Random Number Generator. Together with the generated key, Virobot will then send the machine-gathered data to its C&C server via POST, mentioned Trend Micro (http://blog.trendmicro.com/trendlabs-security-intelligence/virobot-ransomware-with-botnet-capability-breaks-through/).
Not only that, but Virobot can also record keystrokes and share the sensitive data like Credit Card details and Passwords. The keylogger sends these details to the C&C server. As a precaution, make sure you don’t open attachments from un-trusted sources.
source (http://mspoweruser.com/new-virobot-ransomware-with-botnet-is-spreading-via-microsoft-outlook/)