• Skip to primary navigation
  • Skip to main content
  • Skip to footer
Logo of Agilient Security Consultants, Australia

Agilient Security Consultants Australia

Cybersecurity & Risk Management Specialists

Menu
  • Home
  • Industries
      • Aviation
      • Defence & Defence Industry
      • Government
      • Health & Hospitals
      • Corrections and Detention
      • Maritime
      • Aged Care Facilities
      • Mining, Oil & Gas
      • Public Venues & Events
      • Rail
      • Research and Education Industry
      • Telecommunications
      • Utilities
    • advice-colleagues-communication-newIndustries
  • Services
      • Cybersecurity
      • Protective Security
      • Business Resilience
      • Building Security Consultants
      • Security Audits
      • Pandemic Planning
      • Electronic Security
      • IT Disaster Recovery Plan
      • Security Consultants
      • CCTV and Security Cameras
      • Duress Alarms
      • Security Risk Assessment Consultants
      • Managed Security Service Provider
      • Protection against Vehicles as a Weapon
    • training-1Services
  • Solutions
    • banner-menuUnisys Solutions
    • CTO-Blog-110619-Header-GraphicLookingGlass Solutions
    • menu-bg-2Dell Technologies (RSA) Solutions
    • Sightline-Visualization-menuSightline Solutions
  • Resources
    • menumanagers-dealing-customer-agreTraining
    • working-together-newJoin The Tribe
    • Webinars_3-1.jpgUpcoming and Past Events
    • hacking-detected-shutterstock_newResources
  • Articles
  • About
    • About Us
      We are an Australian owned and operated security company specialising in risk, cybersecurity, protective security, crisis and business continuity management services.
    • frequently-asked-questions-smallFAQ’s
    • bg-menu-government-institutionsConsultant Registration
  • Contact Us
Contact Us

RegretLocker: Ransomware for Virtual Machines

You are here: Home / Security News / RegretLocker: Ransomware for Virtual Machines

Cybersecurity is constantly evolving, and malicious software (otherwise known as ransomware) is on the rise. Famously placed under the spotlight by the WannaCry ransomware attack that took the globe by storm back in 2017, RegretLocker is a new breed of ransomware that was discovered in October 2020.

Unlike its predecessor, RegretLocker is a new and advanced form of ransomware. It appears simple because it contains a ransom note, and instead of linking to a Tor payment site, it uses email for communication.

RegretLocker email

 

RegretLocker’s Features

What makes RegretLocker different is that it targets the virtual hard drives of virtual machines. It encrypts files by tagging a .mouse extension onto the encrypted files. It also has the ability to mount into virtual hard disks (VHD) using the following sequence, as analyzed by Intel’s Vitali Kremez and discovered by the MalwareHunterTeam:

  • In order to mount onto VHD or VHDX files, RegretLocker uses Windows Virtual Storage API to conduct a 3 sequence execution:
      1. Open Virtual Disk function
      2. Attach Virtual Disk function
      3. Get Virtual Disk Physical Path function

RegretLocker

 

  • In addition to the above, RegretLocker also utilizes the Windows Restart Manager API, in order to terminate processes or Windows services that keep files open during the encryption process.
  • Using the Windows Restart Manager API, the ransomware will not terminate any processes that contain ‘vnc’, ‘ssh’, ‘mstsc’, ‘System’, or ‘svchost.exe’, so as to prevent the termination of critical programs that could be used by the threat actor to access the compromised system.

Currently, RegretLocker is not highly active. However, that doesn’t mean we can take our eyes off the ball. It is vitally important to make sure that the virtual machine infrastructure of your organization is secure.

Contact us at Agilient for professional consultation around systems security and having an effective security management system.

Author: Saeed Baayoun, Agilient Consultant

Tweet
Share

Security News API,  cybersecurity,  MalwareHunterTeam,  ransomware,  RegretLocker,  security management system,  VHD,  WannaCry

Looking for a security partner? Get in touch with Agilient.

Looking for practical and cost-effective security and risk solutions for your government department, agency or company? Speak with Australia’s leading senior security, risk and resilience experts.


Looking for a pandemic planning partner? Get in touch with Agilient.

Looking for practical and cost-effective risk management solutions for your government department, agency or company? Speak with Australia’s leading senior risk and emergency management experts.



Footer

Agilient is a proud member of

Ai Group Defence Council
Australian Industry & Defence Network
Australian Security Industry Association
Sydney Aerospace & Defence Interest Group

Company and Licensing Details:

ABN: 37 157 911 441
NSW Security Master Licence # 410783087
ACT Security Master Licence # 17502184
Vic Security Registration # 878-460-40S
Qld Security Firm Licence # 3834422

Join The Tribe

Sign up to receive our regular Agilient newsletter including the latest security, risk and resilience updates

Sign up now

Copyright © 2022 Agilient – Level 14, 275 Alfred St, North Sydney NSW 2060 Australia – 1300 341 692