
KillerLocker Ransomware

Posted: October 3, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 35
First Seen: October 3, 2016
OS(es) Affected: Windows


The KillerLocker Ransomware is a Trojan that holds your files hostage by encrypting them; symptoms of an attack include the display of a ransom message. Although the KillerLocker Ransomware uses pop-up interactivity and implies a degree of automation to the process to encourage prompt payments, malware experts recommend withholding your money and using other means of restoring the encrypted content. Like most Trojans, the KillerLocker Ransomware can be detected and removed with an anti-malware product before it is able to execute its payload and damage your computer.

A Killer Clown not Worth a Chuckle

Coding or renting threatening software often is only half of a successful threat campaign, which can be almost equally reliant on psychological warfare to achieve its aims. Hostile file encryption is a particularly fertile ground for observing the different methods con artists use for pressuring a victim's actions. In addition to technological barriers, Trojans like the KillerLocker Ransomware back their payloads up with themes meant for inducing fear.

The current version of the KillerLocker Ransomware targets Portuguese systems and can read the Registry details about supported languages to make sure it triggers only on appropriate targets. The Trojan suppresses the Windows error box during its installation, and may include some network-oriented features, although malware experts have yet to see it transfer or receive data from a server. Most importantly, as far as its victims are concerned, its payload includes a data-encoding encryption attack that targets formats such as PDF and JPG.

When it finishes using its encryption algorithm for blocking the above data, the KillerLocker Ransomware loads an HTML pop-up. Besides displaying an image of a 'killer' clown in an equally threatening UI layout, the window includes a Portuguese ransom message with a short, two-day time limit for paying to recover your files. Other elements of note include a field for entering the transaction number, which, theoretically, gives access to the decryptor, and a scrolling text box showing the encoded content.

Paying a Serial File Killer What He Deserves

The KillerLocker Ransomware shows signs that it was not coded by 'script kiddy' style amateurs: it uses anti-clumping memory techniques and other methods of blocking its detection and analysis. As a result, only a handful of anti-malware brands to date are detecting samples of the KillerLocker Ransomware as threats. Update your anti-malware solutions' databases to increase their detection chances, and avoid exploitable infection vectors, such as spam e-mails.

Besides browsing the window in the KillerLocker Ransomware's extortion pop-up, you also may identify your encrypted content by looking for files with the '.rip' extension added onto any previous ones. While malware experts have yet to uncover any vulnerabilities allowing free decryption, interested parties can provide samples to appropriate entities in the PC security sector for further research. For now, taking the risk of paying or using a backup to recover data without decrypting it are an unprotected victim's primary options.

Due to the potential finances, identity information, and other traits inherent to digital data storage, even a murderer of digital information can be scarcely less threatening than a real killer. Wherever you may live, a campaign like the KillerLocker Ransomware's most likely is already targeting your region, and you should treat a few simple PC security measures as just as essential as locking your door at night.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: file.exe
Size: 232.44 KB (232448 bytes)
MD5: d704f3cf861fdf54bcf2beba24dea0f4
Detection count: 72
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: October 3, 2016

File name: file.exe
Size: 232.44 KB (232448 bytes)
MD5: a802aae121fb19bd185e736ffffcbe46
Detection count: 71
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: October 3, 2016

File name: file.exe
Size: 13.31 KB (13312 bytes)
MD5: 7afa1f01d6379816b3804eaf5e6c947e
Detection count: 32
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 30, 2017
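
A triage sketch for the two indicators this page gives, the '.rip' extension appended to encrypted files and the MD5 values listed above for file.exe. It is an added example, not code from the original page. The function names and the choice to hash only files ending in .exe are assumptions made for illustration.

```python
import hashlib
import os
import sys
from collections import Counter

# MD5 values listed for file.exe under "File System Modifications" on this page.
KNOWN_MD5 = {
    "d704f3cf861fdf54bcf2beba24dea0f4",
    "a802aae121fb19bd185e736ffffcbe46",
    "7afa1f01d6379816b3804eaf5e6c947e",
}
MARKER = ".rip"  # extension the page says is added onto any previous ones


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not exhaust memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root):
    """Walk root and return (encrypted_paths, counts_by_original_ext, md5_hits)."""
    encrypted, by_ext, hits = [], Counter(), []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            stem, ext = os.path.splitext(name)
            if ext.lower() == MARKER:
                # Count report.pdf.rip, but not a file simply named notes.rip.
                original = os.path.splitext(stem)[1].lower()
                if original:
                    encrypted.append(path)
                    by_ext[original] += 1
                continue
            if ext.lower() == ".exe":  # assumption: the sample keeps an .exe name
                try:
                    if md5_of(path) in KNOWN_MD5:
                        hits.append(path)
                except OSError:
                    pass  # locked or unreadable file: skip it and keep scanning
    return encrypted, by_ext, hits


if __name__ == "__main__":
    found, exts, samples = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(len(found), "files with appended .rip:", dict(exts), "| MD5 hits:", samples)
```

The per-extension counts show which formats were hit and how much must come back from backup; an MD5 match only identifies the exact samples listed here, so a clean result does not rule out a repacked variant.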