CLock.Win32 Ransomware

Posted: November 6, 2016

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	10/10
Infected PCs:	95

First Seen:	November 6, 2016
OS(es) Affected:	Windows

The CLock.Win32 Ransomware is a Trojan that disables various Windows applications associated with system security and resource monitoring functions. Malware experts found no permanent damage associated with this Trojan's payload, but a prolonged state of infection may make your PC vulnerable to attacks from other threats. Remove the CLock.Win32 Ransomware with anti-malware products as necessary while disregarding any ransom instructions this Trojan may deliver through pop-ups.

Stopping Your Windows Software with Every Tick of a CLock

Although the widespread abuse of file-encryption supplants a majority of other philosophies for computer-based extortion, Trojans also can hold a PC hostage in much simpler ways. One attack often seen in support of others, but rarely as a primary feature, is using any of several exploits for blocking Windows tools like the Task Manager. With the CLock.Win32 Ransomware, malware experts can confirm at least one threat attempting to make money off of that relatively simple capability.

The CLock.Win32 Ransomware is compatible with most Windows PCs that use Intel 386 or newer processors. Its file size is deceptively small at under twenty kilobytes, making it possible for the threat to disguise itself as an image, mp3, or other, non-executable file. Once the user launches it, the CLock.Win32 Ransomware disables the following software:

CMD (the Command Prompt).
The Windows Task Manager.
The Registry Editor.

All of these tools can be useful for recovering from threat attacks or monitoring their activities, and all in default Windows installations. With these utilities blocked, the CLock.Win32 Ransomware launches Windows pop-up messages (that identify the Trojan with the misspelling of as being 'ransomeware'). The last window includes a ransom payment button for disinfecting your PC.

Rewinding Back the Clock on Your Windows Woes

Very unusually, the CLock.Win32 Ransomware accepts its financial transactions through a Paypal account, an incredibly risky move that makes it highly unlikely that this Trojan is the product of a professional or well-trained threat actor. While the CLock.Win32 Ransomware is a 'script kiddy' level Trojan that's far from a rootkit or modular spyware program, Windows users without access to tools like the Task Manager may find themselves impeded from implementing many security strategies. While it doesn't represent a direct danger to any local files, malware experts highly discourage allowing the CLock.Win32 Ransomware to remain on your PC for longer than necessary.

Although the CLock.Win32 Ransomware is a new threat, rates of detection against it are on the rise, and anti-malware programs adequately updated should be able to remove the CLock.Win32 Ransomware without any further incident. Malware experts have yet to see the CLock.Win32 Ransomware expand its attacks to including professional anti-malware or anti-virus brands.

At its worst, the CLock.Win32 Ransomware is a threat that takes limited control over your Windows environment out of the hopes of making Paypal-based profits. With that company lacking the anonymity protection con artists prefer from cryptocurrencies and other e-money services, one can hope that the CLock.Win32 Ransomware's campaign soon will come to an abrupt halt as the threat actor's account is locked.

CLock.Win32 Ransomware

Threat Metric

Stopping Your Windows Software with Every Tick of a CLock

Rewinding Back the Clock on Your Windows Woes

Leave a Reply