A new family of ransomware called Vovalex is being distributed through pirated software that impersonates popular Windows utilities, such as CCleaner.

Vovalex has no difference from other ransomware: it encrypts the victim's files, and then drop a ransom note.

However, researcher Vitali Kremez, who discovered a new ransomware, revealed an interesting feature. According to the expert, Vovalex may be the first ransomware written in the D programming language.

In the process of launching, Vovalex opens a legitimate copy of the CCleaner installer and places its copy with the random file name in the %Temp% directory.

After that, the malware will begin to encrypt files on the victim's computer by adding the .vovalex extension to them. The last step is to copy the requirements note named README.VOVALEX.txt to the desktop.

Source: anti-malware.ru