May 5, 2024

New ransomware virus launches virtual machine to access files

British cybersecurity firm Sophos has reported a new ransomware virus called Ragnar Locker, which launches a virtual machine to access user files and bypass antivirus software.

Information security specialists noted that by launching the virtual machine, Ragnar Locker bypasses antivirus software and encrypts files. The ransomware typically attacks corporate networks rather than private users.

The hackers demand very large sums for decrypting files. For example, they requested 1,850 BTC (about $17 million at the current rate) for the code to decrypt Energias de Portugal's data. If the bitcoins were not paid, the attackers threatened to sell the company's corporate secrets to competitors.

Sophos experts said that to infect a computer, the virus exploits vulnerabilities in the Windows Remote Desktop system. After receiving administrative privileges, Ragnar Locker starts a virtual machine with a stripped-down copy of Windows XP called "Micro XP v0.82".

"Operators have discovered a new ransomware virus, which uses a virtual machine to bypass computer security products. Like other similar viruses, Ragnar Locker steals data to convince the victim to pay a ransom. If the ransom is not paid, then the data is published on the group's website in the anonymous Tor network," said Brett Callow, a cybersecurity specialist at Emsisoft.

He also stressed that companies attacked by similar viruses are in an unenviable position. Even after paying the ransom, they have only the hackers' promise that the data will not be published or sold.

As a reminder, the other day the Group-IB company reported on the new ProLock encryption virus, which demands a ransom in bitcoins for decrypting files. Unlike Ragnar Locker, however, ProLock does not steal user data for subsequent blackmail.
