
CoronaLocker

Posted: April 22, 2020

CoronaLocker is a screen-locking Trojan that can block the Windows UI with a lock-screen and related pop-ups. Although its threat actor asserts that the user's files are encrypted, this threat doesn't modify any media files in current versions. Users should use appropriate means of bypassing the lock-screen, remove CoronaLocker with anti-malware tools, and repair any damaged Windows components, such as the Registry.

Not Every 'Encryption' Attack is What It Looks Like

After it, ironically, infected the PC of a friend of a security researcher, a new type of screen-locking Trojan is getting its due day of analysis. CoronaLocker is a Trojan that pretends that it blocks files, but its functions favor hampering the user's interface access, instead of modifying data. Although it's less of a danger to one's files than, for example, the Jigsaw Ransomware, it is a notable security threat – and one of many that theme themselves after the Coronavirus epidemic.

CoronaLocker spreads by pretending that it's a hacking utility for wireless networks. The installer generates a series of Visual Basic scripts that launch with the aid of a batch file and proceed with CoronaLocker's attacks. Less-evident but highly threatening aspects of the Trojan include disabling essential UI elements like the Start Menu and the Task Manager by changing Registry settings. However, users are more likely to notice what malware experts deem its most visible attack: restarting the computer and forcing it into a supposedly no-escape 'corona virus' ransoming screen.

CoronaLocker has a preset password ('vb') for unlocking the PC. However, users taking its text message at its word may assume that the Trojan is locking their files and that the only way of recovering the computer, or its contents, is through the ransom.

Taking the Contagion Out of CoronaLocker

CoronaLocker offers an urgent example of the security risks of downloading illicit content, particularly 'hacking' utilities from warez sites, torrents, and similar sources. The executable offers no networking login-breaching functionality, and its name is the only appeal it holds for would-be Wi-Fi hackers. For now, samples target only Windows, across various versions.

Cases like CoronaLocker also serve as demonstrations of the value of hijacking local news for Trojan campaigns. The COVID-19 epidemic is a current, favorite theme for many threats, including real file-locker Trojans like the SARS-CoV-2 Ransomware, destructive saboteurs like the 'COVID-19.exe' Wiper, and Remote Access Trojans like the SpyMax RAT. In this case, the disease is a taunting inclusion in the warning screen, but in others, it can be part of an infection vector (such as a scheme selling free masks).

Users should let their anti-malware software remove CoronaLocker after escaping the lock-screen through its password or another method, such as booting through USB drives. After disinfection, further repairing of Windows is necessary for fully restoring access to the desktop's shortcuts, other parts of the UI, and default Windows programs.
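As an aid to the Registry repair step, the following added example (not part of the original article or of any vendor tool) scans the text of a `reg export` file for policy values that switch off UI features such as the Task Manager. The article does not name the values CoronaLocker changes, so the list of value names is an assumption based on well-known Windows policy settings, and the sample export is constructed.

```python
import re
# Assumption: the page does not name the values CoronaLocker changes. These are
# well-known Windows policy values that disable UI features when non-zero.
UI_LOCKDOWN_VALUES = {
    "disabletaskmgr": "Task Manager disabled",
    "disableregistrytools": "Registry Editor disabled",
    "norun": "Run dialog removed",
    "nodesktop": "desktop icons hidden",
    "noclose": "Shut Down command removed",
}
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')

def find_ui_lockdowns(reg_text):
    """Return (key, value name, effect) for each active UI restriction."""
    findings, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = DWORD_RE.match(line)
        if not m or key is None:
            continue
        effect = UI_LOCKDOWN_VALUES.get(m.group("name").lower())
        in_policies = "\\policies\\" in key.lower() + "\\"
        if effect and in_policies and int(m.group("val"), 16) != 0:
            findings.append((key, m.group("name"), effect))
    return findings

# Constructed sample in `reg export` text format (not taken from a real infection).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Example]
"DisableTaskMgr"=dword:00000001
'''

if __name__ == "__main__":
    for key, name, effect in find_ui_lockdowns(SAMPLE_EXPORT):
        print(f"{key}\\{name}: {effect}")
```

Real `reg export` output is UTF-16 text, so read the file with `encoding="utf-16"` before passing its contents to `find_ui_lockdowns`.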

It should shock no one that Trojans are capable of lying. CoronaLocker is, arguably, even worse than a pox on anyone's house – since enemies created by nature are, unlike software, incapable of leveraging corrupted wordplay with their attacks.
