RegretLocker ransomware is targeting Windows virtual machines

RegretLocker ransomware was first discovered in October and, at first glance, seemed to be simple ransomware: its ransom note contains a contact email address rather than a Tor payment site.

RegretLocker appends the .mouse extension to the names of the files it encrypts.

However, RegretLocker proved to be extremely dangerous because of advanced features that are rarely seen in ransomware infections.

RegretLocker uses a unique technique: it mounts a virtual disk file so that it can encrypt each file individually. To mount virtual disks, it uses the Windows Virtual Storage API functions OpenVirtualDisk, AttachVirtualDisk, and GetVirtualDiskPhysicalPath.
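For static triage of a suspicious binary, the three API names above can serve as a first-pass signal. The following is an added example, not code from the article or from any vendor: `virtdisk_triage` and the sample byte strings are constructed for illustration, and it assumes the names appear as plain strings in an unpacked image.

```python
import re
import sys

# API names as given in the article; virtdisk.dll is the Windows library exporting them.
VIRTDISK_APIS = ("OpenVirtualDisk", "AttachVirtualDisk", "GetVirtualDiskPhysicalPath")
VIRTDISK_DLL = b"virtdisk.dll"


def virtdisk_triage(data):
    """Report which virtual-disk mounting APIs a PE image references by name."""
    result = {"is_pe": data[:2] == b"MZ", "apis": [], "dll": False, "flag": False}
    if not result["is_pe"]:
        return result
    for api in VIRTDISK_APIS:
        # The lookahead rejects longer identifiers that merely start with the name.
        pattern = re.compile(re.escape(api.encode()) + rb"(?![A-Za-z0-9_])")
        if pattern.search(data):
            result["apis"].append(api)
    # DLL names in import tables are case-insensitive, so compare lowercased.
    result["dll"] = VIRTDISK_DLL in data.lower()
    # Flag only the full open + attach + resolve-path combination. Backup and
    # virtualization tools use it legitimately too, so this is a lead for
    # further analysis, not a verdict.
    result["flag"] = len(result["apis"]) == len(VIRTDISK_APIS)
    return result


# Constructed samples (not real binaries): an MZ stub followed by name strings
# laid out the way import-by-name entries are (2-byte hint, name, NUL).
SAMPLE_ALL = b"MZ" + b"\x90" * 62 + b"VirtDisk.dll\x00" + b"".join(
    b"\x01\x00" + a.encode() + b"\x00" for a in VIRTDISK_APIS)
SAMPLE_ONE = b"MZ" + b"\x00" * 62 + b"\x01\x00OpenVirtualDisk\x00"

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, virtdisk_triage(fh.read()))
```

A packed or obfuscated sample will not expose these strings, so a negative result does not clear a file.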


