NTK Screenlocker
Posted: February 16, 2017
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 78 |
| First Seen: | February 16, 2017 |
|---|---|
| OS(es) Affected: | Windows |
The NTK Screenlocker is a Trojan that locks your screen with a window that prevents you from closing, minimizing or resizing it to access other programs or the operating system's UI. Although the Trojan's threat actors are likely of offering ransom-based system-unlocking solutions, malware experts recommend using established security techniques to prevent this Trojan from locking your computer. Ideally, security software with anti-malware features also can delete the NTK Screenlocker and block its installation.
Your PC Getting a Downgrade to Eight-Bit Anonymous
Various threat actors continue exploiting the availability of the AdvancedRansomware builder for making new, screen-locking threats for different regions of the world. One of the last of these products malware experts had a chance to examine was the Pabluk Locker Ransomware, a Polish Trojan. Shortly afterward, the evidence is becoming visible of a very similar, French-based threat: the NTK Screenlocker. The Trojan blocks the screen with an intimidating image and embeds a bare-bones interface for ransoming access to your PC through e-mail.
Unlike many threats of its classification, the NTK Screenlocker doesn't coordinate its screen-locking attacks with any efforts to hide its origins, such as misrepresenting itself as being from the law enforcement or a Microsoft notice. When it launches, the NTK Screenlocker loads an HTA (HTML-based application) file as a pop-up window with no borders to block your desktop.
In this window, its authors choose to display an eight-bit style animation representing the Anonymous hacking organization's mask, along with basic instructions on how to ransom the PC. As usual, Anonymous has made no claims of any ties to this threat. The NTK Screenlocker embeds a button for initiating the ransoming process directly into its window and, by default, may close other applications that it detects in memory.
Freedom for Your Monitor at the Lowest Price You can Get
Despite the toolkit responsible for its existence calling itself 'ransomware,' the NTK Screenlocker omits many of the features that malware experts see in other, ransom-based Trojans. The Trojan locks your screen but doesn't encrypt or delete any of the files on your PC. Victims unable to access their desktops or other applications should use the built-in Safe Mode feature of Windows or the option of booting from an uninfected drive (such as a USB device). Regardless of the value of the PC under attack, paying ransoms or following other instructions that the NTK Screenlocker's author offers are needlessly self-destructive solutions.
After an appropriate disinfection process, the NTK Screenlocker, Pabluk Locker Ransomware, and other threats of the same category deliver minimal long-term complications to the PC. Malware experts do warn that these Trojans are incapable of distributing themselves without third-party assistance from threats like Exploit Kits or Trojan droppers. Always using dedicated anti-malware software for deleting the NTK Screenlocker and scanning the rest of your PC can help prevent any recurring issues from the lapse in security.
The NTK Screenlocker gives French-speaking PC users another form of computer-ransoming attack to thwart, but its genesis involves software that any threat actor can use for attacking any area of the world. For some, momentary carelessness about which sites they visit or files they open can turn into problems the size of their screen (or wallet).
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.