ESET researcher Robert Lipovsky have analyzed first shape-shifting ransomware detected by ESET’s telemetry as Win32/VirLock. ESET is offering a standalone clearner to restore VirLock-infected files. Here is link for direct download: http://download.eset.com/special/ESETVirlockCleaner.exe
VirLock acts differently than any other ransomware before – it locks screen of victims device and as a polymorfic parasitic virus infects files on user‘s device. After VirLock infection, files are morphed into encrypted executables containing the virus body. Another part of its payload is then responsible for the LockScreen functionality and for displaying the ransom screen.
More information about VirLock are available on WeLiveSecurity.com.
Raphael Labaca Castro
Editor in Chief, We Live Security