
A1Lock Ransomware

Posted: July 28, 2017

The A1Lock Ransomware is a fake variant of the Globe Ransomware. Although it only imitates that family's symptoms, it does include functional encryption attacks that may block you from opening your files. The paid decryption solutions offered by the con artists aren't always reliable, and, ordinarily, you should use anti-malware tools for removing the A1Lock Ransomware infections, followed by reverting to your last backup.

The Premium Download that's Fueled by Misdeeds

The black market business of holding data hostage for payment is prone to exploitation by threat actors who are just as happy to take others' programming and publicity as they are to take files. A recent imitation of the Globe Ransomware family is driving the brand forward in ways that make ransoming content easier than ever, which may endanger users who aren't aware of the risks. Incidentally, the Trojan, the A1Lock Ransomware, enables this 'upgrade' through a Web service with years of history in facilitating threat-related transactions.

The A1Lock Ransomware begins by locking files such as PNG, BMP, DOC, MP3, and PDF with an unknown encryption cipher. It appends '.707' extensions onto their names without removing the originals and places an additional HTML file in the same directory. The latter contains the threat actor's recommendations for recovering your media by using the TOR browser to navigate to the relevant website and pay a 0.06 Bitcoin price for its decryption software, which malware analysts have yet to verify for compatibility.

What makes the A1Lock Ransomware a little more original than other imitations of the Globe Ransomware is its author's direct use of the Satoshibox.com site, which allows users to pay Bitcoins to download the files it hosts. This hosting method streamlines the payment experience for the victim while also partially taking the responsibility for maintaining the file out of the remote attacker's hands. Malware analysts also found similar ransoming methods employed in the campaign for the Sanctions Ransomware, although most threat actors prefer having more direct control over the process.

The Bigger Cost to Giving in to File Extortion

For those not used to dealing with cryptocurrencies, Bitcoin can seem much less expensive to pay than the reality of its conversion rates. Paying the A1Lock Ransomware's ransom under current rates would cost the victim over one hundred USD for a decryption program that may not necessarily recover their blocked media. If you're the victim of a file-encrypting attack without a backup to restore from, you should always check the possible compatibility of all free decryption tools before turning to more expensive methods. Use copies of any content while doing so, to reduce the chance of the decryption program causing further damage that would make a file completely unrecoverable.
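The symptoms described earlier (a '.707' extension appended to locked files, with an HTML file placed in the same directory) and the advice above to test decryptors only on copies can be combined into one triage step. The following is an added example, not code from the original article: the function names and the sample tree are constructed, and because the article does not give the note's filename, every HTML file beside a locked file is listed as a candidate only.

```python
import os
import shutil
import tempfile
from pathlib import Path

MARKER = ".707"  # extension the article says is appended to locked files

def inventory(root):
    """Map each directory under root to its '.707' files and the HTML files beside them."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        locked = sorted(f for f in files if f.lower().endswith(MARKER))
        if locked:
            # Assumption: the note's filename is unknown, so every HTML file
            # in an affected directory is reported as a candidate note.
            notes = sorted(f for f in files if f.lower().endswith((".html", ".htm")))
            report[dirpath] = {"locked": locked, "candidate_notes": notes}
    return report

def copy_for_testing(report, root, dest):
    """Copy locked files to dest, keeping relative paths, so tools only touch copies."""
    copied = []
    for dirpath, entry in report.items():
        rel = Path(dirpath).relative_to(root)
        target_dir = Path(dest) / rel
        target_dir.mkdir(parents=True, exist_ok=True)
        for name in entry["locked"]:
            shutil.copy2(Path(dirpath) / name, target_dir / name)
            copied.append(str(rel / name))
    return sorted(copied)

def demo():
    """Build a constructed sample tree and run both steps on it."""
    with tempfile.TemporaryDirectory() as tmp:
        root, work = Path(tmp) / "docs", Path(tmp) / "work"
        (root / "photos").mkdir(parents=True)
        for name in ("report.doc.707", "notes.txt", "readme.html"):
            (root / name).write_bytes(b"constructed sample")
        (root / "photos" / "cat.png.707").write_bytes(b"constructed sample")
        report = inventory(root)
        copied = copy_for_testing(report, root, work)
        return report, copied, (root / "report.doc.707").exists()

if __name__ == "__main__":
    print(demo())
```

Keep the working directory outside the scanned tree and, ideally, on separate media, so the originals are never opened by the tool under test.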

While the A1Lock Ransomware's ransoming methods are well thought out, malware researchers have not confirmed what exploits it's using to install itself. When not targeting specific entities, such as private sector companies, a file-locking Trojan may circulate as a fake download for a Windows update or gaming utility. In other cases, threat actors can attach their Trojans or installers for them to e-mail messages that they design to be of interest to the target victim. Use anti-malware products with updated databases for identifying and removing the A1Lock Ransomware ahead of time.

Just because a Trojan is easier to use than before doesn't mean that this change is good for the people it's attacking. When a con artist tries to make paying him as quick and direct as possible, you should always ask what you're getting in return, particularly when it involves unverified software like an A1Lock Ransomware decryptor.
