
GodLock Ransomware

Posted: November 6, 2019

The GodLock Ransomware is a minor update of the Freeme Ransomware, an independent, file-locking Trojan. The GodLock Ransomware can, like most of its more well-known competition, block media files with encryption attacks while leaving ransom notes for the victims. Windows users should have backups in place for preventing any damage and anti-malware protection for removing the GodLock Ransomware properly.

The Derivative Trojan Fancying Itself a God

Newly arriving samples of a Trojan with an oddly high opinion of itself demonstrate that the old Freeme Ransomware, the progenitor of threats like the Freezing Ransomware, is alive and well – with another name. Although the GodLock Ransomware has few points of difference from its earlier ancestor, it doesn't need to change notably to be threatening. Any user without backups will have good reasons for keeping this file-locking Trojan as far away as possible.

The GodLock Ransomware is a .NET-based program for Windows with a negligible file size and no signature. It follows the standard attack flow for a Trojan of its type: it creates encrypted versions of the user's files (DOCX, JPG, and so on) and deletes the originals. It also adds the 'godlock' extension to their names as its campaign tag, sets multiple keys in the Registry, and uses memory injection – the act of inserting itself into another program's process – for running without being caught.

While malware researchers can't confirm that the GodLock Ransomware deletes the Restore Points, such a feature is close to universal among file-locker Trojans. Most users shouldn't depend solely on Restore Points for recovery from these attacks, which render the affected files unreadable in their regular programs.

Taking Software Divinity Off Its Throne

While the GodLock Ransomware's family is one of the smaller ones of note, variants of the Freeme Ransomware include several features that are unusual for a modern Trojan of their classification. Malware analysts note the following as worth mentioning:

  • The GodLock Ransomware uses a highly unconventional algorithmic choice for its encryption, ECDH. Its security is not currently broken, and users shouldn't presume the availability of a freeware decryptor for recovering their content.
  • The GodLock Ransomware may lock executables, along with 'normal' files like documents. This inclusion means that, in an attempt at blocking media, it can also damage various programs and force their reinstallation.
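The encrypt-then-delete flow described earlier and the executable locking noted above give defenders a behavioral signal to hunt for. The following is an added example, not code from this page or from any vendor: it assumes file create/delete telemetry already parsed into tuples, that the 'godlock' tag is appended as a suffix to the original name, and the sample events, thresholds and executable extension list are all constructed for illustration.

```python
import ntpath
from collections import defaultdict

TAG = ".godlock"              # campaign extension named on this page
EXEC_EXTS = {".exe", ".dll"}  # assumption: extensions treated as executables

# Constructed sample telemetry: (epoch_seconds, pid, action, path)
SAMPLE_EVENTS = [
    (100.0, 4321, "create", r"C:\Users\a\Documents\report.docx.godlock"),
    (100.2, 4321, "delete", r"C:\Users\a\Documents\report.docx"),
    (100.5, 4321, "create", r"C:\Users\a\Pictures\cat.jpg.godlock"),
    (100.6, 4321, "delete", r"C:\Users\a\Pictures\cat.jpg"),
    (101.0, 4321, "create", r"C:\Tools\viewer.exe.godlock"),
    (101.3, 4321, "delete", r"C:\Tools\viewer.exe"),
    (102.0, 900, "create", r"C:\Users\a\notes.txt"),       # benign editor
    (102.5, 900, "delete", r"C:\Users\a\old.tmp"),
    (103.0, 777, "create", r"C:\Users\a\a.txt.godlock"),   # single pair only
    (103.1, 777, "delete", r"C:\Users\a\a.txt"),
]

def original_of(path):
    """Return the pre-encryption path if `path` ends with the tag, else None."""
    if path.lower().endswith(TAG) and len(path) > len(TAG):
        return path[:-len(TAG)]
    return None

def detect(events, threshold=3, window=10.0):
    """Flag PIDs that repeatedly write X.godlock and then delete X."""
    pending = {}                 # (pid, original path) -> time the copy appeared
    hits = defaultdict(list)     # pid -> originals replaced by tagged copies
    for ts, pid, action, path in sorted(events):
        if action == "create":
            orig = original_of(path)
            if orig:
                pending[(pid, orig.lower())] = ts
        elif action == "delete":
            t0 = pending.pop((pid, path.lower()), None)
            if t0 is not None and ts - t0 <= window:
                hits[pid].append(path)
    alerts = {}
    for pid, paths in hits.items():
        if len(paths) >= threshold:
            execs = [p for p in paths
                     if ntpath.splitext(p)[1].lower() in EXEC_EXTS]
            alerts[pid] = {"pairs": len(paths), "executables": execs}
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

Because the page also describes memory injection, the flagged PID may belong to a legitimate host process, so an alert should lead to inspection of that process rather than trust in its name.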

The GodLock Ransomware's ransoming negotiations are in English and provide a seven-day deadline for paying, although doing so doesn't guarantee a decryptor's availability. The proper storage of backups on protected, non-local devices can keep the GodLock Ransomware from holding any content out of its owner's reach in perpetuity. A self-declared god descending from heaven to smite Windows digital media is far from the rarity of its pretensions. The GodLock Ransomware is no more or less than a threadbare patch of Freeme Ransomware and a representation of the belief that betting on users' poor security practices can turn a profit.
