
FilesLocker Ransomware

Posted: December 4, 2018

The FilesLocker Ransomware is a file-locking Trojan that creates symptoms similar to those of the '.wcry File Extension' Ransomware or WannaCryptor Ransomware. Users should protect their files from harmful encryption and similar attacks by backing them up to more than one device that this threat can't compromise. In most infection scenarios, removing or quarantining the FilesLocker Ransomware safely should be left to professional anti-malware products before testing your options for data recovery.

A Wannabe WannaCryptor Ransomware

One of the most archetypal file-locker Trojan families, one that threat actors far and wide imitate, is getting another 'fan' thanks to the FilesLocker Ransomware's campaign. This threat provides features similar to those of the '.wcry File Extension' Ransomware, including the capability of locking media-based content. Its ransom note is also nearly the same as those of the members of that family that malware experts noted previously. However, as far as malware experts can determine, it's not a direct variant, but a humble copycat or imitator.

The FilesLocker Ransomware is Windows software that sometimes disguises itself as 'svchost,' a Windows component that many file-locker Trojans like it imitate. This fake filename lets the FilesLocker Ransomware run without drawing any notice from the user, since it's normal for multiple instances of svchost.exe to be running in the background. Unlike any part of Windows, however, the FilesLocker Ransomware engages in encryption-based attacks that don't require any permission before locking the system's media.
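The svchost disguise described above is something defenders can check for in process-creation telemetry. The following is an added example, not code from this article or from any anti-malware product: it flags any svchost.exe running outside the standard Windows system directories or started by a parent other than services.exe, and goes slightly beyond the text by also flagging near-miss spellings. The record layout, sample events, default install path, and the 0.85 similarity threshold are assumptions made for illustration.

```python
import ntpath
from difflib import SequenceMatcher

# Assumption: default Windows install root; adjust if %SystemRoot% differs.
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Heuristic: the Service Control Manager normally starts svchost.exe.
LEGIT_PARENT = "services.exe"

# Constructed process-creation records (not taken from a real infection).
SAMPLE_EVENTS = [
    {"pid": 812, "image": r"C:\Windows\System32\svchost.exe",
     "parent": r"C:\Windows\System32\services.exe"},
    {"pid": 4120, "image": r"C:\Users\alice\AppData\Roaming\svchost.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"pid": 5230, "image": r"C:\Windows\System32\svch0st.exe",
     "parent": r"C:\Windows\System32\services.exe"},
    {"pid": 6001, "image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\explorer.exe"},
]

def svchost_findings(event):
    """Return the reasons an event looks like svchost masquerading ([] if none)."""
    image = event["image"].lower()
    name = ntpath.basename(image)
    if name != "svchost.exe":
        # Near-miss spellings (svch0st.exe, scvhost.exe) are suspicious anywhere.
        similar = SequenceMatcher(None, name, "svchost.exe").ratio() >= 0.85
        return ["lookalike name"] if similar else []
    reasons = []
    if ntpath.dirname(image) not in LEGIT_DIRS:
        reasons.append("unexpected directory")
    if ntpath.basename(event["parent"].lower()) != LEGIT_PARENT:
        reasons.append("unexpected parent")
    return reasons

def find_masquerades(events):
    """Map pid -> list of reasons for every flagged event."""
    flagged = {}
    for event in events:
        reasons = svchost_findings(event)
        if reasons:
            flagged[event["pid"]] = reasons
    return flagged

if __name__ == "__main__":
    for pid, reasons in find_masquerades(SAMPLE_EVENTS).items():
        print(pid, ", ".join(reasons))
```

The parent-process check is a heuristic that can need tuning per environment, so a hit is a lead for triage and not proof of infection.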

Malware researchers are warning that documents, pictures, archives, spreadsheets, music, and movies are likely to be targeted by the FilesLocker Ransomware, either through their location (such as the default downloads directory) or their extensions. Whether or not the FilesLocker Ransomware changes the names of these files, in addition to blocking them with its encryption routine, isn't verifiable yet. The exact encryption method is also speculative, but most file-locker Trojans, such as Hidden Tear and EDA2, use an AES algorithm.

The Real Cost of a Thousand-Dollar Ransom

Besides the act of blocking data, the FilesLocker Ransomware swaps the desktop with a warning message including both English and, notably, Chinese text. Its pop-up imitates the format of the WannaCryptor Ransomware relatively precisely, and asks for 0.25 Bitcoins, equal to roughly one thousand USD, for the decryptor. While paying the ransom involves a risk of getting nothing back, some victims may find that the threat actors' provision of a three-file 'sample' decryption is helpful.

Malware researchers strongly encourage donating samples of the FilesLocker Ransomware and encrypted files to interested and reputable security researchers for in-depth analysis. Infection strategies that the threat's campaign may be using include e-mail spam with accompanying attachments or links, as well as brute-force attacks, or even free file-sharing networks like torrents. Many anti-malware brands will delete the FilesLocker Ransomware securely on sight, although relatively few of them are detecting it accurately as being a file-locker Trojan.

The FilesLocker Ransomware asks for a non-negligible amount of money, via methods that skirt any refund protection, while indirectly misrepresenting its identity. The dangers of taking such software at its word should be apparent to any PC user, regardless of how precious their files might be to them.

Update on January 2nd, 2019 - FilesLocker-Christmas Ransomware

A private decryption key was added to versions 1 and 2 of the FilesLocker-Christmas Ransomware. The new variant changes the desktop background and has a ransom note referencing 'fileslocker[at]pm[dot]me,' which includes messages in Chinese, English and Russian. The ransom note is called '#DECRYPT MY FILES#.TXT,' and has versions in Chinese and Russian. This ransom note was reported to produce an audio feed with a digitalized voice. There are no decryption tools for this version of the FilesLocker-Christmas Ransomware yet.
