Locker Virus
Posted: May 25, 2015
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 951 |
| First Seen: | May 26, 2015 |
| Last Seen: | May 1, 2023 |
| OS(es) Affected: | Windows |
The Locker Ransomware is a recent variant of the Critoni Ransomware (CTB-Locker) and includes similar attacks meant to hold your files hostage for payment. Because the Locker Ransomware's file encryption attacks may damage your saved data, keeping backups in multiple storage locations is one of the primary defenses malware experts advise implementing prior to a Locker Ransomware infection. Dedicated anti-malware products should always be used to delete the Locker Ransomware immediately, since this Trojan is a direct threat to your computer's security, independent of its threat to your files.
A New File Locker for a New Month
The developers of Critoni, AKA Curve-Tor-Bitcoin Locker, previously drew the particular interest of malware researchers by using a server infrastructure that protected their file encryption campaign from analysis by PC security companies. However, that clearly was only the beginning of Critoni's story, and the 25th of May has seen a new variant of the Trojan, the Locker Ransomware, activated on Memorial Day. The Locker Ransomware includes many of the same functions as its near ancestors, including attacks meant to encrypt the files on your computer.
A time trigger (last known to activate at midnight of the 25th) causes the Locker Ransomware to launch a threatening Windows service, which encrypts various files on the infected machine. The Locker Ransomware also continues the common theme of file encryptors requesting Bitcoin-based payments to reverse their attacks, which make any affected files completely unreadable. Updates to the Locker Ransomware may force victims to identify the encrypted files manually, although PowerShell has previously been effective in generating lists of encrypted data.
The Locker Ransomware requests one tenth of a Bitcoin to decrypt your files and restore all attacked information. This 0.1 BTC is equivalent to slightly under 24 USD, a much cheaper fee than most file encryptors demand. However, as usual, malware experts have found no evidence that the Locker Ransomware's developers will honor their word of providing decryption services after the payment has been processed.
Picking Your Way out of a Trojan Locker
Most file encryption Trojans, including the Locker Ransomware, can be defeated by a combination of preinstalled anti-malware protection and common-sense data backup strategies. With respect to the latter, local backups may not be viable, since the Locker Ransomware deletes the default Windows Shadow Copies and disables System Restore. However, any backups stored on a cloud server or secondary device should be an adequate defense. All threats should be removed by anti-malware products when possible. This precaution is especially relevant to the Locker Ransomware, whose developers have some knowledge of how to block Windows features and automated software removal.
The Locker Ransomware seems to have been designed explicitly for targeting victims on Memorial Day, but the distribution method used to launch its campaign has yet to be firmly identified. Early investigations by malware researchers have noted possible ties between the Locker Ransomware and illicit file downloads, such as cracked versions of Minecraft. Chrome users and visitors of some streaming websites may also be at greater risk than others.
Until malware experts have more information, PC users can best protect themselves from the Locker Ransomware by spending Memorial Day remembering the same self-defenses that have worked for past ransomware.