
Coin Locker

Posted: February 19, 2015

Threat Metric

Threat Level: 10/10
Infected PCs: 37
First Seen: February 19, 2015
OS(es) Affected: Windows

Coin Locker is a file-encrypting Trojan that blocks access to files in common formats while demanding a ransom in exchange for its 'decryption software.' As with any other Trojan-based extortion attempt, you should ignore Coin Locker's requests and instead use appropriate anti-malware products to uninstall Coin Locker. After you've disinfected your PC, you can take any other steps needed to recover your files without charges, such as using a free, third-party decryption tool.

The Illicit Locker for All of Your Documents

Reports of Coin Locker's distribution were limited until 2015. Malware researchers have yet to determine the avenues it uses, but they appear to be non-consensual. Prior threats of a similar nature have been known to use exploit kits to install themselves automatically, as well as other methods, such as hiding their installers inside spam e-mail attachments. However it arrives on your PC, Coin Locker shows the same goals and standard operating procedure as past file encryptors.

Coin Locker targets files of popular formats, including PPT (PowerPoint), derivatives of XLS (Excel) and DOC (Word) documents. The Trojan rearranges the internal data of these files according to an algorithm (in other words, encrypts them), which prevents them from being opened and read correctly. At the same time, Coin Locker generates new TXT files that it places in most directories of your hard drive.

Coin Locker's text files offer a possible 'solution' for its attack: installing the Tor browser and using it to navigate to an obfuscated Web address, which provides the ultimate ransom request. As is usual for such Trojans, there are no guarantees that paying the ransom demanded at this website will provide the decryption software that's supposedly able to restore your files. Malware experts also emphasize that most file-encrypting Trojans like Coin Locker fail to provide proper information for initializing decryption through their services, which tend to be fraudulent.
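A triage sketch for the behaviour described above, added here as an example and not taken from any vendor tool: it lists Office documents whose container signature is gone and flags identical TXT files that appear in several directories. It assumes the encryption overwrites the file header; the function names, the `min_dirs` threshold and the sample tree are constructed for illustration.

```python
import hashlib
import os
from collections import defaultdict

# Container signatures: OLE2 (legacy and password-protected Office files)
# and ZIP (OOXML such as .docx/.xlsx/.pptx).
MAGICS = (bytes.fromhex("D0CF11E0A1B11AE1"), b"PK\x03\x04")
OFFICE_EXT = {".doc", ".docx", ".xls", ".xlsx", ".xlsm", ".ppt", ".pptx"}

def triage(root, min_dirs=3):
    """Return (damaged_docs, repeated_notes) for the tree under root."""
    damaged, notes = [], defaultdict(set)  # notes: sha256 -> directories
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            try:
                with open(path, "rb") as fh:
                    if ext in OFFICE_EXT:
                        # Assumption: encryption overwrites the file header.
                        if not fh.read(8).startswith(MAGICS):
                            damaged.append(path)
                    elif ext == ".txt":
                        data = fh.read()
                        if data:  # empty files would all hash alike
                            notes[hashlib.sha256(data).hexdigest()].add(dirpath)
            except OSError:
                continue  # locked or unreadable: skip and keep scanning
    repeated = {h: sorted(d) for h, d in notes.items() if len(d) >= min_dirs}
    return sorted(damaged), repeated

def build_sample(root):
    """Constructed sample tree: three folders, one intact document."""
    for i, body in enumerate([MAGICS[0] + b"ok", b"\x8f\x13junk", b"\x02\xaajunk"]):
        folder = os.path.join(root, f"dir{i}")
        os.makedirs(folder)
        with open(os.path.join(folder, "report.doc"), "wb") as fh:
            fh.write(body)
        with open(os.path.join(folder, "NOTE.txt"), "wb") as fh:
            fh.write(b"constructed placeholder note text")

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        docs, repeated = triage(tmp)
        print(len(docs), "damaged documents;", len(repeated), "repeated note(s)")
```

The list of damaged documents is the set to restore from backup, and a file that keeps its signature can still be damaged further in, so treat a clean result as a first pass only.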

Breaking Open the Coin Locker

Coin Locker is a threat to your files in exactly the same ways as other file-encrypting Trojans have been in the past. However, its attacks are also vulnerable to the same workarounds, such as a diligent backup methodology that lets you restore files to a point before the attack. For such purposes, malware experts especially advise using remotely stored file backups, such as USB devices or cloud servers, which are beyond the reach of Coin Locker and similar threats. In other cases, where the type of encryption algorithm in use is notably weak, you may also find tools provided by various PC security companies meant to reverse the process. Typically, these tools are released for specific Trojans like Coin Locker as they become widely distributed.

Whatever you choose to do with your afflicted files, paying the people behind Coin Locker clearly is not in your best interest. Rather than giving its perpetrators exactly what they want for no likely benefit, you should delete Coin Locker with anti-malware products supported by strong PC security methodology. Since the Coin Locker campaign is a relatively recent one, you also may need to update your anti-malware scanner's database before it can identify Coin Locker correctly.
