
Locker Virus

Posted: May 25, 2015

Threat Metric

Threat Level: 10/10
Infected PCs: 951
First Seen: May 26, 2015
Last Seen: May 1, 2023
OS(es) Affected: Windows

The Locker Ransomware is a recent variant of the Critoni Ransomware (CTB-Locker) and includes similar attacks meant to hold your files hostage for payment. Because the Locker Ransomware's file encryption attacks may damage your saved data, keeping multiple backups of your files is one of the primary defenses malware experts advise implementing before a Locker Ransomware infection. Dedicated anti-malware products should always be used to delete the Locker Ransomware immediately, since this Trojan is a direct threat to your computer's security, independently of its threat to your files.

A New File Locker for a New Month

The developers of Critoni, AKA Curve-Tor-Bitcoin Locker, previously drew the particular interest of malware researchers by using a server infrastructure that protected their file encryption campaign from analysis by PC security companies. However, that clearly was only the beginning of Critoni's story: on the 25th of May, Memorial Day, a new variant of the Trojan, the Locker Ransomware, was activated. The Locker Ransomware includes many of the same functions as its near ancestors, including attacks meant to encrypt the files on your computer.

A time trigger (last known to activate at midnight on the 25th) causes the Locker Ransomware to launch a malicious Windows service, which encrypts various files on the infected machine. The Locker Ransomware also continues the common theme of file encryptors demanding Bitcoin payments to reverse their attacks, which render any affected files completely unreadable. Updates to the Locker Ransomware may force victims to identify the encrypted files manually, although PowerShell has previously been effective in generating lists of encrypted data.
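Generating such a list with PowerShell, as an added example that is not part of the original write-up: the script walks a user profile, keeps files modified after an assumed trigger time, and flags those whose sampled contents have ciphertext-like byte entropy. The root path, cutoff time, threshold and report location are assumptions a responder would adjust.

```powershell
# Added example, not the original page's code: list files modified after the
# assumed trigger time whose contents look encrypted (high byte entropy).
param(
    [string]$Root      = "$env:USERPROFILE",                     # assumed scan root
    [datetime]$Since   = (Get-Date '2015-05-25 00:00:00'),       # assumed trigger time
    [double]$Threshold = 7.5,                                    # bits/byte; 8 = random
    [string]$Report    = "$env:USERPROFILE\Desktop\suspected-encrypted-files.csv"
)

# Shannon entropy of a byte array, in bits per byte (0.0 .. 8.0).
function Get-ByteEntropy {
    param([byte[]]$Bytes)
    if (-not $Bytes -or $Bytes.Length -eq 0) { return 0.0 }
    $counts = New-Object 'int[]' 256
    foreach ($b in $Bytes) { $counts[$b]++ }
    $entropy = 0.0
    $n = [double]$Bytes.Length
    foreach ($c in $counts) {
        if ($c -gt 0) {
            $p = $c / $n
            $entropy -= $p * [math]::Log($p, 2)
        }
    }
    return $entropy
}

# Only the first 64 KiB of each file is sampled so large files do not stall the scan.
$sample = 65536
$results = Get-ChildItem -Path $Root -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $Since -and $_.Length -gt 0 } |
    ForEach-Object {
        try {
            $stream = [System.IO.File]::OpenRead($_.FullName)
            $buf    = New-Object byte[] ([int][math]::Min($sample, $_.Length))
            $read   = $stream.Read($buf, 0, $buf.Length)
            $stream.Close()
            $e = Get-ByteEntropy -Bytes ([byte[]]$buf[0..($read - 1)])
        } catch { $e = -1 }   # unreadable (locked or access denied): keep it in the report
        [pscustomobject]@{
            Path            = $_.FullName
            LastWrite       = $_.LastWriteTime
            SizeBytes       = $_.Length
            Entropy         = [math]::Round($e, 3)
            LikelyEncrypted = ($e -ge $Threshold)
        }
    }

$flagged = @($results | Where-Object LikelyEncrypted) | Sort-Object LastWrite
$flagged | Export-Csv -Path $Report -NoTypeInformation
"{0} files flagged; report written to {1}" -f $flagged.Count, $Report
```

Already-compressed formats (ZIP, JPEG, MP4, Office documents) also score near 8 bits/byte, so treat the report as candidates to review against backups, not as a verdict.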

The Locker Ransomware requests one tenth of a Bitcoin to decrypt your files and restore all attacked information. This 0.1 BTC is equivalent to slightly under 24 USD, a much cheaper fee than most file encryptors demand. However, as usual, malware experts have found no evidence that the Locker Ransomware's developers will honor their promise of providing decryption after the payment has been processed.

Picking Your Way out of a Trojan Locker

Most file encryption Trojans, including the Locker Ransomware, can be defeated by a combination of preinstalled anti-malware protection and common-sense data backup strategies. With respect to the latter, local backups may not be viable, since the Locker Ransomware deletes the default Windows Shadow Copies and disables System Restore. However, any backups stored on a cloud server or a secondary device should be an adequate defense. All threats should be removed by anti-malware products when possible. This precaution is especially relevant to the Locker Ransomware, whose developers have some knowledge of how to block Windows features and automated software removal.

The Locker Ransomware seems to have been designed explicitly for targeting victims on Memorial Day, but the distribution method used to launch its campaign has yet to be firmly identified. Early investigations by malware researchers have noted possible ties between the Locker Ransomware and illicit file downloads, such as cracked versions of Minecraft. Chrome users and visitors of some streaming websites also may be at greater risk than others.

Until malware experts have more information, PC users can best protect themselves from the Locker Ransomware by spending Memorial Day remembering the same self-defenses that have worked for past ransomware.
