
Elmer's Glue Locker Ransomware

Posted: May 30, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 67
First Seen: May 30, 2017
Last Seen: April 18, 2018
OS(es) Affected: Windows

The Elmer's Glue Locker Ransomware is a Trojan that blocks your screen by displaying a pop-up demanding a Bitcoin transfer to the threat actor's wallet. While the Elmer's Glue Locker Ransomware demands an unusually expensive ransom, its attacks are limited in nature, and malware experts can recommend other ways of recovering from an infection. Most PCs protected by anti-malware products should experience few or no obstacles to deleting the Elmer's Glue Locker Ransomware immediately, but they also may remove it after its pop-up loads.

The Price of Sniffing the Glue a Little Too Hard

There is a wealth of opportunities for con artists designing new Trojans with data or screen-locking features, and even something as simple as the software's name can communicate much about the campaign's goals. Some canny but less work-motivated threat actors prefer to misappropriate the labels and titles of more well-designed threats. Others, like the more frivolous Elmer's Glue Locker Ransomware, use the brands of legitimate products for pure publicity.

Setting aside its author's choice of branding, the Elmer's Glue Locker Ransomware is a Trojan whose payload consists only of a screen-locking feature, for now. Similar threats may include additional features meant to delete local backups, encrypt content like documents, or disable various security features. However, the first version of the Elmer's Glue Locker Ransomware that malware experts are analyzing includes no attacks of note besides its screen-blocking pop-up.

This window is launched without a border or other UI elements, keeping the user from being able to resize it, use other programs, or get to the desktop. The text of the pop-up is notable for requiring that you unlock your computer by making a substantial payment of 16 Bitcoins, which converts to tens of thousands of dollars in USD. The ransom quantity may be a typo or merely a symptom of the threat actor's limited coding experience; the Elmer's Glue Locker Ransomware includes no additional attacks that would cause enough damage to make paying such an expensive ransom worthwhile to almost any victim.

Dissolving the Glue Latched onto Your Screen

Surprisingly, the Elmer's Glue Locker Ransomware's creator failed to implement even the most basic protection against having its pop-up terminated via the traditional Windows shortcut of Alt + F4. Since the Elmer's Glue Locker Ransomware causes no file damage of any note, regaining access to your Windows interface should help you achieve a complete recovery from the infection without any payment. On the other hand, any victims making the unwise choice of paying will not be able to recover their transferred cryptocurrency without the threat actor's consent.

The Elmer's Glue Locker Ransomware's payload is so limited in scope that it inadvertently gains some protection against anti-malware scans from some brands. Updating your security software when prompted can keep it as accurate as possible for deleting the Elmer's Glue Locker Ransomware and similar, low-level threats that are newly identifiable. Distribution points for less professional Trojans of this type can include bundling with downloads, such as illicit torrents, along with e-mail or social network-based spam.

The Carolinian Elmer's Products company and its associated products have no relationship with this Trojan's campaign. Based on the Elmer's Glue Locker Ransomware's current capabilities, malware experts rate it as a negligible risk to the company's reputation.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: file.exe
Size: 716.28 KB (716288 bytes)
MD5: 41cc8d45953dbd54044cee46dc392668
Detection count: 85
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 31, 2017