
CryptoLocker3 Ransomware

Posted: December 28, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 10
First Seen: December 28, 2016
OS(es) Affected: Windows

The Cryptolocker3 Ransomware, or PClock, is a Trojan that imitates the identity of CryptoLocker while also locking your files until you make a Bitcoin payment. Since the Cryptolocker3 Ransomware's built-in decryptor is no more effective than options found elsewhere at no charge, malware experts suggest that you withhold the ransom money, when possible. Some anti-malware products can also delete the Cryptolocker3 Ransomware during its installation process or afterward, although they may require updates for identifying this new threat.

Trojans Still Use Other Trojans for Cover

The history of CryptoLocker extends long past the last verifiable evidence of its activities in the wild. New threats with similar avenues of attack, such as the Cryptolocker3 Ransomware, continue to market themselves falsely as updates of Cryptolocker even though there's no technical basis for a relationship. With the Cryptolocker3 Ransomware, this goes as far as merging the misappropriated brand identity with its choices of filename labels and ransom notices.

The Cryptolocker3 Ransomware uses an XOR-based encryption method and may scan for various file formats to lock, including JPG, PPT, CDR, XLS, RAW, DOC and MDF. Although malware researchers have yet to see the Cryptolocker3 Ransomware damaging executable ('.exe') content, the Cryptolocker3 Ransomware does include the Program Files directory in its scans along with the Windows 'user' folder.

Files that the Cryptolocker3 Ransomware encrypts also acquire new '.cryptolocker' extensions, and different variants of the Cryptolocker3 Ransomware may or may not also replace your desktop background with an image of their choice. Its last function with symptoms visible to the victim is the creation of an HTA pop-up that automatically checks for Bitcoin ransom payments. The pop-up continues the ruse of the Cryptolocker3 Ransomware supposedly being a new version of Cryptolocker and provides a complete text list (either 'encrypted.txt' or 'enc_files.txt') of all your blocked content.
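The on-disk symptoms described above can be swept for during triage. The following is an added example, not code from this page or from any vendor tool: it walks a directory tree, counts files carrying the '.cryptolocker' extension, and locates the 'encrypted.txt' / 'enc_files.txt' lists. It assumes the extension is appended after the original one; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

LOCKED_EXT = ".cryptolocker"                      # extension named on this page
LIST_NAMES = {"encrypted.txt", "enc_files.txt"}   # list-file names named on this page


def sweep(root):
    """Walk root and collect locked files and ransom file lists."""
    locked, lists = [], []
    # Unreadable directories are skipped instead of aborting the sweep.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()          # Windows file names are case-insensitive
            if lower.endswith(LOCKED_EXT):
                locked.append(path)
            elif lower in LIST_NAMES:
                lists.append(path)
    return locked, lists


def summarize(root):
    """Return counts per original file type and the affected directories."""
    locked, lists = sweep(root)
    kinds = Counter()
    for path in locked:
        # Assumption: the marker is appended (report.doc.cryptolocker).
        # If no inner extension survives, the type is counted as "(unknown)".
        stem = os.path.basename(path)[: -len(LOCKED_EXT)]
        kinds[os.path.splitext(stem)[1].lower() or "(unknown)"] += 1
    dirs = sorted({os.path.dirname(p) for p in locked})
    return {"locked": len(locked), "by_type": dict(kinds),
            "dirs": dirs, "lists": sorted(lists)}


def build_sample(root):
    """Constructed sample tree for the demo: empty files only."""
    for rel in ("Users/a/Documents/report.doc.cryptolocker",
                "Users/a/Pictures/photo.JPG.CRYPTOLOCKER",
                "Users/a/Pictures/clean.jpg",
                "Users/a/Documents/budget.cryptolocker",
                "Users/a/enc_files.txt"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(summarize(tmp))
```

On a real host, pass the user profile and Program Files paths to `summarize` and compare the affected directories against what non-local backups can restore.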

Giving Masked Threats the Only Pay They Deserve

So far, seven variants of the Cryptolocker3 Ransomware are in distribution in the wild. Given the short time frame between its identification and the updates, different threat actors most likely are paying for the privilege of distributing custom versions of the Cryptolocker3 Ransomware to new targets according to their preferences. Most versions will erase local backup and SVC data, increasing the difficulty of data recovery without using non-local backups. Malware researchers are finding most versions of the Cryptolocker3 Ransomware are vulnerable to free decryption programs. The remainder is equally unresponsive to both free utilities and the built-in decryptor, meaning that any victims gain nothing from paying the Cryptolocker3 Ransomware's Bitcoin fee. Catching and deleting the Cryptolocker3 Ransomware with anti-malware products before it can cause any harm is, as always, the strategy malware experts most freely endorse.

Whether it calls itself 'Cryptolocker' or another name, the Cryptolocker3 Ransomware can block and even damage your PC's files permanently. Taking the safety of valuable documents or images for granted can come with a price that's all too easy to ignore until it's too late.
