
File-Locker Ransomware

Posted: December 28, 2017

Threat Metric

Threat Level: 6/10
Infected PCs: 17
First Seen: February 9, 2023
Last Seen: March 31, 2023
OS(es) Affected: Windows

The File-Locker Ransomware is a Trojan that uses Hidden Tear-based encryption to prevent you from opening your media, such as pictures or text documents. Its attacks include Korean-English messages that ask for Bitcoin payments in return for a decryption service, although malware researchers find it likely that other, free retrieval methods are possible. Ignoring the ransom instructions, when practical, and allowing a dedicated anti-malware product to uninstall the File-Locker Ransomware is encouraged for your PC's security.

Hidden Tear Gives a Little Attention to Korea

A majority of file-blocking Trojan campaigns occur in Europe and North America, but other regions of the world, particularly other industrialized nations, are also valuable targets for data hostage-taking attacks and can't be ignored. Most families of file-locker Trojans don't include significant features specific to particular countries, and Hidden Tear, for instance, needs a few changes to be suitable for attacking places like Germany, Canada or South Korea. The last of these is the target of the File-Locker Ransomware's campaign.

Malware researchers identified this threat only recently. It uses a slightly more basic encryption attack and, in other respects, a traditional payload that consists of appending extensions to hostage media and creating ransom messages for the victims to read. The File-Locker Ransomware uses AES as its cipher for locking the user's files, which it runs as an invisible background process, converting the internal data into a format that's unreadable to most other programs. The files that the File-Locker Ransomware may block exclude your OS components but can include Word documents, Excel spreadsheets, JPG or GIF pictures, MPEG movies and others.

The File-Locker Ransomware places a '.locked' extension at the end of the names of all these files, which is a feature it shares with other Trojans of the same class, including both Hidden Tear and non-HT threats like the Evasive Ransomware, the Satan's Doom Ransomware, the CyberDrill Ransomware, the Stampado Ransomware and the UpdateHost Ransomware. Then, it creates Notepad text files that include Korean and English copies of the same ransom note, which asks for a Bitcoin payment (equal to 50,000 won or 47 USD) for the threat actor's decryption help. The builds of the File-Locker Ransomware that are available to malware experts show no other symptoms, such as wallpaper-hijackings or lock-screen behavior.
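A triage sketch for the behaviour described above, added here as an example and not taken from the Trojan or from any vendor tool: it inventories files carrying the '.locked' suffix and uses byte entropy to separate content that looks encrypted from files that were only renamed. The 7.0 bits-per-byte threshold, the function names and the sample files are assumptions constructed for the illustration; because the suffix is shared by several families, a match alone does not identify the File-Locker Ransomware.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

SUFFIX = ".locked"        # extension the page says is appended to locked files
THRESHOLD = 7.0           # assumption: bits/byte at or above this looks encrypted
SAMPLE_BYTES = 65536      # read only the head of large files
MIN_BYTES = 256           # below this, entropy is too noisy to judge

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(root):
    """Return one record per '*.locked' file under root, sorted by path."""
    records = []
    for path in sorted(Path(root).rglob("*" + SUFFIX)):
        if not path.is_file():
            continue
        with path.open("rb") as fh:
            sample = fh.read(SAMPLE_BYTES)
        entropy = shannon_entropy(sample)
        if len(sample) < MIN_BYTES:
            verdict = "too-small"
        elif entropy >= THRESHOLD:
            verdict = "encrypted-looking"
        else:
            verdict = "renamed-only"
        records.append({"path": str(path), "verdict": verdict,
                        "original_name": path.name[:-len(SUFFIX)],
                        "entropy": round(entropy, 2)})
    return records

def build_sample_tree():
    """Constructed sample data: two '.locked' files and one untouched file."""
    root = Path(tempfile.mkdtemp(prefix="locked-triage-"))
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
    (root / "report.docx.locked").write_bytes(noise)   # stands in for ciphertext
    (root / "notes.txt.locked").write_bytes(b"plain text, not encrypted\n" * 200)
    (root / "photo.jpg").write_bytes(b"\xff\xd8\xff" + b"\x00" * 300)
    return root

if __name__ == "__main__":
    for rec in triage(build_sample_tree()):
        print(rec)
```

Compressed formats such as JPG or DOCX are high-entropy even when unencrypted, so confirm an "encrypted-looking" result against the file's expected header before treating it as ciphertext, and copy the affected files to separate storage before attempting any recovery.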

The Shallowest Version of Hidden Tear Yet

The File-Locker Ransomware is, externally, very similar to other versions of Hidden Tear, both Korean-based and otherwise. However, its attacks include a vital difference: a hard-coded key to its cipher, which lacks any dynamic, per-install changes. With this key ('dnwls07193147'), anti-malware researchers could develop a free decryption tool for unlocking any of the media that this Trojan encrypts. Since most versions of Hidden Tear use more secure encoding mechanisms than this, malware researchers still emphasize backing up content, as well.

Many file-locker Trojans install themselves via e-mail messages that can include attached, corrupted documents, or disguised Trojan droppers like Trojan.Zlob. Other inexpensive campaigns, like the File-Locker Ransomware's attacks, reach random targets by hiding on file-sharing networks or pirated media-themed websites. Most active and updated anti-malware solutions should catch and remove the File-Locker Ransomware by default, and interrupt its payload.

Any users racing to pay the File-Locker Ransomware's ransom are making an enormous mistake by paying a pointless asking price to recover their files. Since the File-Locker Ransomware has no timing limits or other mechanisms for persuading its victims into taking quick, self-destructive actions, no one has an adequate excuse for not pausing to consider every solution possible for an infection.
