
HadesLocker Ransomware

Posted: October 6, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 63
First Seen: October 6, 2016
OS(es) Affected: Windows


The HadesLocker Ransomware is a Trojan that uses encryption to block your files before selling the decryptor to you. Decryption services offered by extortionists are frequently unreliable or unsafe, and free decryptors are not always available. Malware researchers find that the strongest solution to this threat consists of having anti-malware products to block the HadesLocker Ransomware and backups to save your data.

An Old Fire Spreading to Your Files Under a New Name

Updating old products on a monthly basis is as much a part of the threat industry as it is a part of the legal software industry. Illegal business models more often redesign their old products under new names, as with the Wildfire Locker Ransomware's transmutation into the HadesLocker Ransomware. Although the HadesLocker Ransomware is new enough to avoid detection by some outdated security solutions, its payload and its technical details remain consistent with its July-dated counterpart.

Like almost all file encryption Trojans of the year, the HadesLocker Ransomware uses an encryption function based on an AES algorithm, which lets it rearrange and encode a file's data, similarly to the process a ZIP archive might use for compressing information. Malware experts found no serious vulnerabilities in this process, which limits the possibility of free decryption services. The HadesLocker Ransomware also renames the encrypted content with an ornate string that includes '.~HL' and a portion of the encryption password.

While its encryption function is the most threatening part of the HadesLocker Ransomware's payload, the Trojan also continues using the same style of HTML pop-ups already seen in the WildFire Locker Ransomware. The descriptive text in these extortion messages includes explanations of the attack and guidelines on how to pay a ransom to recover your data at its TOR-based website. The anonymity-protected site offers the standard fields for making and confirming the Bitcoin transactions that comprise the extortion sum. Also like the Wildfire Locker Ransomware, the HadesLocker Ransomware threatens to increase its price for victims who delay their payments.

Banishing a Spinoff Trojan Back to the Underworld

Files affected by the HadesLocker Ransomware attacks cannot yet, and may never, be decoded by any third parties. Since both paying con artists for decryption assistance and turning to third-party researchers include uncertain variables, malware researchers recommend using comprehensive solutions such as storing backups on USB devices. Experiencing the deletion of your local, Windows default backups is as common a hazard as threat authors refusing to provide a decryption service after receiving their money.

Update your anti-malware products routinely to ensure that they can identify newly produced threats like the HadesLocker Ransomware, even ones that already use a majority of code derived from past threats. PC users can best protect themselves and their data from these attacks by staying aware of the common strategies threat actors use with file encrypting Trojans, including seeding Trojan droppers in macro-based documents, disguising e-mail attachments, and cracking weak remote desktop protocols. PCs with appropriate anti-malware protection should block the HadesLocker Ransomware and remove it before it can encrypt any content.

Although some types of information, such as work documents, images, and music, are more likely to be encrypted than others, file encryption Trojans like the HadesLocker Ransomware are capable of damaging most of the contents of any hard drive or server. Remember that threat authors also are diligent about producing new attack campaigns, and stay just as vigilant about your computer's security.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: file.exe
Size: 510.02 KB (510026 bytes)
MD5: 0f678df4dde15367c9d5d85fb21df205
Detection count: 60
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: October 6, 2016
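
A defensive triage sketch for the two indicators this page gives, the '.~HL' rename marker and the MD5 listed for file.exe. It is an added example, not code from the original page; the function names, the constructed sample tree and the assumption that the marker can sit anywhere in a file name are illustrative.

```python
import hashlib
import os
import tempfile

MARKER = ".~HL"  # rename marker from this page; assumed to sit anywhere in the name
KNOWN_MD5 = frozenset({"0f678df4dde15367c9d5d85fb21df205"})  # file.exe MD5 on this page


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def triage(root, known_md5=KNOWN_MD5):
    """Return ({directory: renamed-file count}, [paths of .exe hash matches])."""
    renamed, hits = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if MARKER in name:
                renamed[dirpath] = renamed.get(dirpath, 0) + 1
            elif name.lower().endswith(".exe"):
                try:
                    if md5_of(path) in known_md5:
                        hits.append(path)
                except OSError:
                    pass  # locked or unreadable file: keep scanning
    return renamed, hits


def demo():
    """Triage a constructed tree (every name and byte here is invented)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"report.docx.~HLABC123": b"x", "photo.jpg.~HLABC123": b"y",
                   "notes.txt": b"z", "file.exe": b"constructed stand-in"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        stand_in = {hashlib.md5(b"constructed stand-in").hexdigest()}
        renamed, hits = triage(root, stand_in)
        return renamed.get(root, 0), [os.path.basename(p) for p in hits]


if __name__ == "__main__":
    print(demo())
```

The per-directory count shows how far renaming has spread, while a hash match only identifies the one listed binary, so an empty match list does not rule out a repacked copy.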