KoreanLocker Ransomware
Posted: January 9, 2018
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 88 |
| First Seen: | May 8, 2023 |
|---|---|
| OS(es) Affected: | Windows |
The KoreanLocker Ransomware is a file-locking Trojan that uses data-encoding attacks from the Hidden Tear family. An infection can prevent you from opening any files that the KoreanLocker Ransomware locks automatically, such as documents or pictures. Ignoring the ransom demands of this threat in favor of other recovery solutions, and having dedicated anti-malware programs capable of deleting the KoreanLocker Ransomware, are the recommendations of malware experts.
Korea under Digital Fire Again
Small-scale threat actors are leveraging another campaign of file-locking threats against Korea, adding a new member to localized Hidden Tear variants that include the File-Locker Ransomware, the Korean Ransomware and the RansomMine Ransomware. This brand-new modification of Utku Sen's Hidden Tear project, the KoreanLocker Ransomware, shows some of the typical indicators of being a minor campaign that's attacking recreational systems instead of corporate, government or NGO ones. However, even as a 'minor' threat, it can deprive the users of their files, possibly in perpetuity.
Like almost any member of Hidden Tear, from the AutoEncryptor Ransomware to the Xampp Locker Ransomware, the KoreanLocker Ransomware uses an AES-based cryptography method for purposes of blocking different formats of non-critical media files. Users can presume the KoreanLocker Ransomware of targeting, in particular, content associated with the Microsoft Office range of programs, such as DOCs, as well as pictures. The '.locked' extension that it also adds, although cosmetic, does provide any victims with a visual symptom to determine what files they can no longer open.
The KoreanLocker Ransomware deposits a Korean-language text message for encouraging any affected users to pay in the Bitcoin cryptocurrency to get their files restored with the withheld decryption key. The threat actor's use of a free e-mail service implies limited resources for the campaign, and the ransom amount of one Bitcoin (equal to fourteen thousand USD or 15879319 South Korean Won) is high inappropriately, relative to Hidden Tear's file-locking security. Malware experts note it as being likely that the authors chose the amount purely for simplicity versus PC users with limited cryptocurrency knowledge.
Bringing Peace to Korean Hard Drives
While the KoreanLocker Ransomware's threat actors use their campaign for selling file-unlocking solutions, there do exist online, free alternatives. Hidden Tear isn't challenging to decrypt in comparison to other families of file-locking Trojans, such as the Globe Ransomware or the Jigsaw Ransomware notably. However, malware researchers always urge users with digital content of any value to store additional copies on secure, remote drives, which can act as a primary defense against all file-locking threats, regardless of the decryption feasibility.
Corrupted website scripts, spam e-mails, and fake file-sharing content all constitute potential infection vectors for file-locking Trojans. Other than its being likely of using Korean-specific content, malware experts can't predict what methods that the KoreanLocker Ransomware may use for infecting your PC definitively. However, the Trojan is Windows-specific, and appropriate anti-malware solutions for that OS should eliminate the KoreanLocker Ransomware readily.
Although it's not an impressive update from the original Hidden Tear, the KoreanLocker Ransomware can be problematic for any users who don't take proper care of their documents and other media. Virtually any populated region and many sparsely populated ones are potential targets for campaigns by cybercrooks who want money for giving you your belongings.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.