KillerLocker Ransomware
Posted: October 3, 2016
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 35 |
| First Seen: | October 3, 2016 |
| OS(es) Affected: | Windows |
The KillerLocker Ransomware is a Trojan that holds your files hostage by encoding them, with ensuing symptoms of an attack including the display of a ransom message. Although the KillerLocker Ransomware uses pop-up interactivity and implies a degree of automation to the process to encourage prompt payments, malware experts recommend withholding your money and using other means of restoring the encrypted content. Like most Trojans, you can detect and remove the KillerLocker Ransomware with an anti-malware product before it's able to execute its payload and damage your computer.
A Killer Clown Not Worth a Chuckle
Coding or renting threatening software often is only half of a successful threat campaign, which can be almost equally reliant on psychological warfare to achieve its aims. Hostile file encryption is a particularly fertile ground for observing the different methods con artists use for pressuring a victim's actions. In addition to technological barriers, Trojans like the KillerLocker Ransomware back their payloads up with themes meant for inducing fear.
The current version of the KillerLocker Ransomware targets Portuguese systems and can read the Registry details about supported languages to make sure it triggers only on appropriate targets. The Trojan suppresses the Windows error box during its installation, and may include some network-oriented features, although malware experts have yet to see it transfer or receive data from a server. Most importantly, as far as its victims are concerned, its payload includes a data-encoding encryption attack that targets formats such as PDF and JPG.
When it finishes using its encryption algorithm for blocking the above data, the KillerLocker Ransomware loads an HTML pop-up. Besides displaying an image of a 'killer' clown in an equally threatening UI layout, the window includes a Portuguese ransom message with a short, two-day time limit for paying to recover your files. Other elements of note include a field for entering the transaction number, which, theoretically, gives access to the decryptor, and a scrolling text box showing the encoded content.
Paying a Serial File Killer What He Deserves
The KillerLocker Ransomware shows some signs of not being coded by 'script kiddie' style amateurs: it uses anti-clumping memory techniques and other methods of blocking its detection and analysis. As a result, only a handful of anti-malware brands to date are detecting samples of the KillerLocker Ransomware as threats. Update your anti-malware solutions' databases to increase their detection chances, and avoid exploitable infection vectors, such as spam e-mails.
Besides browsing the window in the KillerLocker Ransomware's extortion pop-up, you also may identify your encrypted content by looking for files with the '.rip' extension added onto any previous ones. While malware experts have yet to uncover any vulnerabilities allowing free decryption, interested parties can provide samples to appropriate entities in the PC security sector for further research. For now, taking the risk of paying or using a backup to recover data without decrypting it are an unprotected victim's primary options.
Due to the potential finances, identity information, and other traits inherent to digital data storage, even a murderer of digital information can be scarcely less threatening than a real killer. Wherever you may live, a campaign like the KillerLocker Ransomware's most likely is already targeting your region, and you should treat a few simple PC security measures as just as essential as locking your door at night.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:

| # | File name | Size | MD5 | Detection count | File type | Mime Type | Group | Last Updated |
|---|---|---|---|---|---|---|---|---|
| 1 | file.exe | 232.44 KB (232448 bytes) | d704f3cf861fdf54bcf2beba24dea0f4 | 72 | Executable File | unknown/exe | Malware file | October 3, 2016 |
| 2 | file.exe | 232.44 KB (232448 bytes) | a802aae121fb19bd185e736ffffcbe46 | 71 | Executable File | unknown/exe | Malware file | October 3, 2016 |
| 3 | file.exe | 13.31 KB (13312 bytes) | 7afa1f01d6379816b3804eaf5e6c947e | 32 | Executable File | unknown/exe | Malware file | March 30, 2017 |
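
A triage sketch for the indicators on this page, added here as an example and not part of the original article or any vendor tool: it lists files carrying the '.rip' extension, groups them by their original extension to help scope a backup restore, and checks the remaining files against the three MD5 values and sizes in the file list above. The function names and the `known` parameter are assumptions of this example.

```python
import hashlib
import os
from collections import Counter

# MD5 -> size in bytes, copied from the file list on this page.
KNOWN_SAMPLES = {
    "d704f3cf861fdf54bcf2beba24dea0f4": 232448,
    "a802aae121fb19bd185e736ffffcbe46": 232448,
    "7afa1f01d6379816b3804eaf5e6c947e": 13312,
}


def md5_of(path, chunk=1 << 20):
    """Stream the file so large files are not read into memory at once."""
    digest = hashlib.md5()  # MD5 because it is the only hash the page lists
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root, known=KNOWN_SAMPLES):
    """Return (encrypted_paths, original_ext_counts, sample_paths, unreadable)."""
    encrypted, by_ext, samples, unreadable = [], Counter(), [], []
    sizes = set(known.values())
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            stem, ext = os.path.splitext(name)
            if ext.lower() == ".rip":
                # '.rip' is appended to the old name: photo.jpg.rip -> .jpg
                encrypted.append(path)
                by_ext[os.path.splitext(stem)[1].lower() or "(none)"] += 1
                continue
            try:
                # Cheap size check first; hash only plausible candidates.
                if os.path.getsize(path) in sizes and md5_of(path) in known:
                    samples.append(path)
            except OSError:
                unreadable.append(path)  # locked or permission denied
    return sorted(encrypted), dict(by_ext), sorted(samples), unreadable


if __name__ == "__main__":
    import sys
    enc, exts, hits, skipped = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{len(enc)} '.rip' files by original extension: {exts}")
    print(f"known sample matches: {hits}")
    print(f"unreadable: {len(skipped)}")
```

A hash match is strong evidence of these specific samples; the absence of a match says nothing about repacked variants, so the '.rip' count remains the more reliable sign of impact.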