
GNL Locker Ransomware

Posted: May 16, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 41
First Seen: May 16, 2016
OS(es) Affected: Windows

The GNL Locker Ransomware is a Trojan that holds your data hostage through data-encrypting attacks. In cases where free decoding options are unavailable, malware experts still suggest utilizing other recovery plans, such as backup restoration, over paying the GNL Locker Ransomware's perpetrators their demanded ransom. Since this campaign has some associations with secondary parasites, including backdoor Trojans, you should remove the GNL Locker Ransomware with anti-malware strategies that can also account for other threats.

The Ransom Plan Buried in Another Trojan's Core

While file encryption-based threats are very far from a new phenomenon, the developers of these Trojans have also displayed significant experimentation in how to deliver these threats to a potential victim. E-mail spam is a particularly favored infection method, but other campaigns, like the one for the GNL Locker Ransomware, may use additional, high-level threats. The most recent evidence links the GNL Locker Ransomware's installation to attacks by NanoCore, a RAT (or Remote Access Trojan). Although the GNL Locker Ransomware's payload has extremely detectable symptoms, NanoCore's payload does not, which could allow con artists to continue attacking while distracting their victims with the ransom extortion.

For its part, the GNL Locker Ransomware is a relatively standard, file-encryption-based Trojan. The GNL Locker Ransomware identifies files external to your PC's operating system according to their location and extension types, and then uses an encryption routine, making that content unopenable. Different versions of the GNL Locker Ransomware may rename their encrypted files with a series of randomly-generated characters, followed by a '.locked' string, or just the latter.
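As an added example (not from the original article or any vendor tool), this Python script triages a file listing for the two '.locked' naming variants described above, so recovery from backup can be scoped per directory. The sample paths are constructed, and telling the variants apart by whether an original extension survives in front of '.locked' is an assumption.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

LOCKED_SUFFIX = ".locked"  # extension named in the article

# Assumption: in the "suffix only" variant the original extension survives
# in front of .locked (report.docx.locked); a randomized name carries none.
ORIGINAL_EXT = re.compile(r"\.[A-Za-z0-9]{1,5}$")


def classify(path):
    """Return None for a file without the suffix, else the naming variant."""
    p = PureWindowsPath(path)
    if p.suffix.lower() != LOCKED_SUFFIX:  # Windows names are case-insensitive
        return None
    return "appended" if ORIGINAL_EXT.search(p.stem) else "randomized"


def summarize(paths):
    """Count variants per directory so restore work can be planned."""
    report = defaultdict(Counter)
    for path in paths:
        variant = classify(path) or "untouched"
        report[str(PureWindowsPath(path).parent)][variant] += 1
    return dict(report)


# Constructed sample listing, e.g. exported from an offline copy of the disk.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\report.docx.locked",
    r"C:\Users\alice\Documents\budget.xlsx",
    r"C:\Users\alice\Pictures\q7Zp2LmX9a.locked",
    r"C:\Users\alice\Pictures\Kd83hsQw1.locked",
    r"C:\Users\alice\Pictures\holiday.jpg.LOCKED",
]

if __name__ == "__main__":
    for directory, counts in sorted(summarize(SAMPLE_LISTING).items()):
        print(directory, dict(counts))
```

Files in the "appended" group can be matched to their backup copies by stripping the suffix, while "randomized" files have lost their names and are easier to handle by restoring the whole directory.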

The GNL Locker Ransomware also deposits, but does not automatically load, a Web page file that contains its data-ransoming instructions. Victims so far have reported that following its instructions and making the Tor Browser-based payments does not provide access to a functional decryptor.

Because the GNL Locker Ransomware is a new threat without any direct relation to past threats of its kind, no public decryptor has yet been made available. Research within the PC security industry is ongoing and, malware experts emphasize, promising.

Cracking a 'Billion Year' Data-Ransoming Attack

The GNL Locker Ransomware's ransom instructions include a by-now-traditional warning of a time limit before complete data deletion occurs, and make the bold and unlikely claim that its encryption would take over one billion years to crack. PC users keeping level heads will note that decrypting their data is completely unnecessary, as long as they can restore their files from a cloud server, USB drive or similar, safe backup. Malware experts discourage depending on local Windows backups as your sole defense against these threats since competently-programmed Trojans may, as is traditional for such threats, delete them.

Although the GNL Locker Ransomware may distract you with the invasive and very visible attacks it makes, malware experts rate it as being a lesser security concern, compared to other threats in its campaign. The presence of a NanoCore RAT could give third parties complete access to your PC, letting them install other threats, change system settings or collect information. Security steps to take to counter these issues include making use of default features like Safe Mode, as well as disconnecting from the internet. While doing so, scan your PC with trusted anti-malware tools to remove the GNL Locker Ransomware and NanoCore.

The GNL Locker Ransomware may not be the greatest threat of its generation, but it does exemplify one of the most apparent problems with paying con artists for their services: you may not get the decryptor that you 'bought,' which is why keeping a backup is always a good idea.
