
AlldataLocker Ransomware

Posted: September 13, 2018

The AlldataLocker Ransomware is a file-locker Trojan that holds the victim's files hostage by moving them into a password-protected archive. Its campaign spreads through brute-force attacks against login credentials, which can bring other side effects and security implications, such as hijacking the network administrator's account or erasing other data. Users can protect themselves with credentials that resist brute-force guessing, anti-malware programs that detect and remove the AlldataLocker Ransomware, and regular, secure backups.

The File-Locker Trojan that Lets Other Software Do the Hard Work

A campaign for extorting money from users after blocking their access to their files has been ongoing since the middle of August. This file-locking Trojan appears to continue a series of attacks by the same threat actor that previously compromised the MGM New Bombay Hospital's data and held it for ransom. The AlldataLocker Ransomware's name comes from the archive into which it places all of its 'prisoners', instead of taking the traditional route of encrypting every file one by one.

The AlldataLocker Ransomware uses compressed archive formats such as ZIP and RAR to hold the files it attacks, and sets a password on the archive to lock the user out of it. Malware analysts occasionally see this technique in play (for example, in the ZipLocker Ransomware campaign of last year), but it's less conventional than the per-file AES encryption routines that the majority of file-locker Trojans prefer. It is no less effective at blocking the user from whatever the threat actor targets, such as databases, documents or spreadsheets. How strong that lock is depends on what the archiver applied: modern ZIP and RAR tools encrypt with AES, which leaves password guessing as the only attack, while the legacy ZipCrypto scheme that ZIP still supports is vulnerable to known-plaintext attacks if an unencrypted copy of any one archived file can be found.

Besides creating the archive 'prison' for the user's files, the AlldataLocker Ransomware also drops a text note on the hard drive that directs the victim to negotiate the ransom over Telegram. Malware experts don't encourage paying criminals for decryptors or passwords, and, for now, there is no free solution for breaking the AlldataLocker Ransomware's password protection. Safe and updated backups are, as a result, the only fully reliable way of recovering any media.
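Because the recovery path depends on which protection the archive actually carries, the first triage step on a locked ZIP is to read its headers rather than guess. The following is an added example (not code from this article or from the AlldataLocker campaign): it walks a ZIP archive's local file headers, reads the encryption flag and compression-method field, and labels each entry as unprotected, ZipCrypto or AES (method 99 is the WinZip AE-x convention that most archivers use for AES entries). The three-entry archive it scans is constructed in memory; the entry names and the advice strings are illustrative. RAR is not covered here because RAR archives always use AES, so for them only the password is in play.

```python
"""Classify the protection on each entry of a ZIP archive by reading its local
file headers.  Added example, not code from the original article or from the
AlldataLocker campaign; the archive it scans is constructed in memory below."""
from __future__ import annotations
import struct
import zlib

LOCAL_SIG = b"PK\x03\x04"
HEADER_FMT = "<4sHHHHHIIIHH"          # 30-byte local file header
FLAG_ENCRYPTED = 0x0001               # general-purpose bit 0
FLAG_DATA_DESCRIPTOR = 0x0008         # sizes live after the data, not in the header
METHOD_STORED, METHOD_DEFLATE, METHOD_AES = 0, 8, 99   # 99 = WinZip AE-x (AES) marker


def build_entry(name: str, data: bytes, flags: int = 0, method: int = METHOD_DEFLATE) -> bytes:
    """Emit one local file header plus payload.  For the 'encrypted' sample entries
    the payload is left as plain deflate: this example reads headers, it does not
    implement either cipher."""
    body = data if method == METHOD_STORED else zlib.compress(data)[2:-4]   # raw deflate
    header = struct.pack(
        HEADER_FMT, LOCAL_SIG, 20, flags, method, 0, 0,
        zlib.crc32(data) & 0xFFFFFFFF, len(body), len(data), len(name.encode()), 0,
    )
    return header + name.encode() + body


def scan_entries(blob: bytes) -> list[dict]:
    """Walk the local file headers and label each entry none / zipcrypto / aes."""
    entries, pos = [], 0
    while blob.startswith(LOCAL_SIG, pos):
        (_, _, flags, method, _, _, _, csize, _, nlen, xlen) = struct.unpack_from(HEADER_FMT, blob, pos)
        pos += struct.calcsize(HEADER_FMT)
        name = blob[pos:pos + nlen].decode("utf-8", "replace")
        pos += nlen + xlen
        if flags & FLAG_DATA_DESCRIPTOR and csize == 0:
            # Streamed entry: the real size is only in the central directory, which
            # this header walk does not parse, so stop rather than misread the payload.
            entries.append({"name": name, "method": method, "protection": "unknown"})
            break
        pos += csize
        if not flags & FLAG_ENCRYPTED:
            protection = "none"
        elif method == METHOD_AES:
            protection = "aes"         # AES entry: only the password is attackable
        else:
            protection = "zipcrypto"   # legacy PKWARE cipher: known-plaintext attacks apply
        entries.append({"name": name, "method": method, "protection": protection})
    return entries


def recovery_options(entries: list[dict]) -> dict[str, str]:
    """Map each entry to the realistic recovery path for its protection type."""
    advice = {
        "none": "extract directly",
        "zipcrypto": "known-plaintext attack feasible if an unencrypted copy of any entry exists",
        "aes": "password guessing or a backup; no structural weakness to exploit",
        "unknown": "parse the central directory before deciding",
    }
    return {e["name"]: advice[e["protection"]] for e in entries}


def build_sample() -> bytes:
    """Constructed three-entry archive: one plain entry, one ZipCrypto-flagged
    entry and one AES-flagged entry.  Names and contents are illustrative."""
    return b"".join([
        build_entry("readme.txt", b"constructed sample, not a real ransom note"),
        build_entry("invoices.xlsx", b"A" * 64, flags=FLAG_ENCRYPTED),
        build_entry("customers.db", b"B" * 64, flags=FLAG_ENCRYPTED, method=METHOD_AES),
    ])


if __name__ == "__main__":
    for name, option in recovery_options(scan_entries(build_sample())).items():
        print(f"{name:15} {option}")
```

On a real archive, confirm the classification against the central directory as well: the local header and central directory can disagree, and the central directory is what extractors trust.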

Pulling Your Files Back When They 'Zip' Away

The AlldataLocker Ransomware is in the wild and attacks vulnerable businesses after the threat actors brute-force the necessary login credentials. Factory-default passwords or account usernames increase the danger of being brute-forced. Safer credentials use long, complex strings that mix letters, digits and symbols in varying cases, and exposed logins should also lock out or throttle repeated failures and require a second factor for remote-access and administrative accounts. Some attacks could arrive through other infection vectors, such as targeted spam e-mails.

Some side effects of AlldataLocker Ransomware infections also encompass other security issues, such as the hijacking of admin accounts and the unauthorized deletion of SQL Server databases. It's unclear whether these actions are part of the AlldataLocker Ransomware's payload or the work of an attacker intervening manually over the compromised login. Those who are already taking other precautions, including robust password management and backups, can further defend their PCs with anti-malware programs capable of blocking and removing the AlldataLocker Ransomware automatically.
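The brute-force entry point described above leaves a distinctive trail before any archive is created: a burst of failed logins from one source, often against stock account names, followed by a success. The following is an added example (not code from this article) of that detection logic run over constructed sshd-style log lines. The article does not say which service was brute-forced, so the sshd format, the threshold, the window and the list of "stock" account names are all assumptions; the same logic applies to Windows Security event 4625/4624 or RDP logs with a different parser.

```python
"""Flag brute-force login activity and the success that follows it.  Added
example, not code from the original article; the log lines are constructed
sshd-style samples, and the tuning values are assumptions."""
from __future__ import annotations
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed auth.log-style lines: five failures from one source against stock
# names, then a success from the same source; one unrelated failed login after it.
SAMPLE_LOG = """\
Aug 14 02:10:01 db01 sshd[4121]: Failed password for admin from 198.51.100.7 port 40110 ssh2
Aug 14 02:10:03 db01 sshd[4123]: Failed password for admin from 198.51.100.7 port 40112 ssh2
Aug 14 02:10:04 db01 sshd[4125]: Failed password for administrator from 198.51.100.7 port 40114 ssh2
Aug 14 02:10:06 db01 sshd[4127]: Failed password for sa from 198.51.100.7 port 40116 ssh2
Aug 14 02:10:09 db01 sshd[4129]: Failed password for admin from 198.51.100.7 port 40118 ssh2
Aug 14 02:10:11 db01 sshd[4131]: Accepted password for admin from 198.51.100.7 port 40120 ssh2
Aug 14 02:15:30 db01 sshd[4200]: Failed password for jsmith from 203.0.113.9 port 50200 ssh2
Aug 14 02:16:02 db01 sshd[4202]: Accepted password for jsmith from 203.0.113.9 port 50202 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)
STOCK_ACCOUNTS = {"admin", "administrator", "root", "sa", "guest"}   # assumed list
THRESHOLD, WINDOW = 4, timedelta(minutes=5)                         # assumed tuning
YEAR = 2018   # syslog lines carry no year; assumed so the timestamps parse


def parse(lines: str) -> list[tuple[datetime, bool, str, str]]:
    """Yield (timestamp, success, user, source_ip) for each recognised line."""
    events = []
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"] == "Accepted", m["user"], m["ip"]))
    return events


def detect(lines: str, threshold: int = THRESHOLD, window: timedelta = WINDOW) -> dict[str, dict]:
    """Map each offending source IP to an alert.  A source that fails >= threshold
    times inside `window` is 'brute_force'; if that source then logs in
    successfully, the alert is upgraded to 'compromised' with the account used."""
    failures: dict[str, list[tuple[datetime, str]]] = defaultdict(list)
    alerts: dict[str, dict] = {}
    for ts, success, user, ip in parse(lines):
        if success:
            if ip in alerts:                       # the guessing paid off
                alerts[ip]["status"] = "compromised"
                alerts[ip]["account"] = user
            continue
        failures[ip].append((ts, user))
        in_window = [t for t, _ in failures[ip] if ts - t <= window]
        if len(in_window) >= threshold and ip not in alerts:
            alerts[ip] = {"status": "brute_force", "first_seen": in_window[0]}
    for ip, alert in alerts.items():               # enrich with what was tried
        users = [u for _, u in failures[ip]]
        alert["failures"] = len(users)
        alert["stock_accounts"] = sorted(set(users) & STOCK_ACCOUNTS)
    return alerts


if __name__ == "__main__":
    for ip, alert in detect(SAMPLE_LOG).items():
        print(ip, alert)
```

A 'compromised' alert is the trigger for the response the article implies: that account's sessions are the ones to hunt for archiver processes, dropped notes and database deletions.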

Just as with a cryptocurrency-mining application, a legitimate third-party program like WinRAR or WinZip can be run without consent and turned against the host computer. Even though the AlldataLocker Ransomware borrows the features of non-threatening software, its mode of attack is just as damaging as that of file-locker Trojans that do all the encryption work themselves.
