
KwaakLocked Ransomware

Posted: June 13, 2018

The KwaakLocked Ransomware is a variant of Hidden Tear, a Trojan that can encrypt your files and keep them locked indefinitely. This threat may deliver ransom instructions to its victims, such as demands for Bitcoin payments, and paying does not necessarily provide a real decryptor. Secure backup strategies are a traditional means of protecting your media from file-locking Trojans, and most professional anti-malware programs should delete the KwaakLocked Ransomware automatically.

Another Trojan Edit Coming Out of Hiding

Although it isn't widely distributed relative to threats like the Globe Ransomware, a new version of Hidden Tear is starting to become a potential hazard to PC users everywhere who lack backups. The campaign for the KwaakLocked Ransomware, which locks files with the prospect of ransoming the unlocking service afterward, may not be ready for live environments. Nonetheless, Hidden Tear already provides a fully functioning encryption feature, and the KwaakLocked Ransomware's authors need to do nothing more than provide text messages or pop-ups for delivering their demands.

The KwaakLocked Ransomware uses AES encryption to block various media formats. It excludes essential program and OS components but includes pictures, documents, and any work associated with the Microsoft Office suite, such as Word, Excel or PowerPoint files. The threat actors aren't making any changes that would let this attack display symptoms or an interface while it runs, but the KwaakLocked Ransomware does add '.kwaaklocked' extensions to the files' names after it finishes. Many, but not all, variants of the open-source Hidden Tear family are vulnerable to public decryption solutions for unlocking these files, although malware experts have yet to confirm the compatibility of the KwaakLocked Ransomware with current tools.
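For responders scoping an infection, the '.kwaaklocked' extension described above can be used to inventory affected files before restoring from backup. The following is an added example, not code from the original article or from any vendor tool; the function names and the sample tree are constructed, and it assumes the Trojan appends the extension after the original one and that a file's modification time approximates when it was locked.

```python
import os
import tempfile
from collections import Counter

MARKER = ".kwaaklocked"  # extension the article says is added to locked files

def find_locked(root):
    """Yield (path, mtime) for each file under root whose name ends in MARKER."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(MARKER):
                path = os.path.join(dirpath, name)
                try:
                    yield path, os.stat(path).st_mtime
                except OSError:
                    continue  # unreadable or removed mid-scan

def summarize(root):
    """Count locked files per original extension and folder; find earliest mtime."""
    by_ext, by_dir, earliest = Counter(), Counter(), None
    for path, mtime in find_locked(root):
        # Assumption: the original extension sits just before the appended marker.
        original = os.path.basename(path)[:-len(MARKER)]
        by_ext[os.path.splitext(original)[1].lower() or "(none)"] += 1
        by_dir[os.path.relpath(os.path.dirname(path), root)] += 1
        # Assumption: mtime approximates the moment the file was locked.
        earliest = mtime if earliest is None else min(earliest, mtime)
    return {"total": sum(by_ext.values()), "by_ext": dict(by_ext),
            "by_dir": dict(by_dir), "earliest_mtime": earliest}

def demo():
    """Build a constructed sample tree in a temp directory and summarize it."""
    sample = {  # relative path -> constructed mtime (epoch seconds)
        "Documents/report.docx.kwaaklocked": 1528848000,
        "Documents/budget.xlsx.kwaaklocked": 1528848060,
        "Pictures/photo.JPG.KWAAKLOCKED": 1528848120,
        "Documents/notes.txt": 1528000000,  # untouched file, must be ignored
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, mtime in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(b"constructed sample data")
            os.utime(path, (mtime, mtime))
        return summarize(root)

if __name__ == "__main__":
    print(demo())
```

The earliest modification time gives a lower bound for choosing a backup snapshot that predates the locking, and the per-folder counts show which shares or profiles need restoring.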

Despite having a working file-locking attack, the KwaakLocked Ransomware campaign is likely still in its development stage. Most threat actors using Hidden Tear-based payloads also deliver either TXT, HTML, or HTA-format pop-ups or text messages that may launch automatically or place themselves on the desktop. These instructions can include demands for cryptocurrency or voucher payments for the decryptor that unlocks the victim's files. However, all versions of the KwaakLocked Ransomware available to malware experts have yet to generate any ransom notes or provide other information pertinent to such transactions, such as an e-mail address or a TOR website URL.

Putting Hidden Tear's New Offspring Back in Hiding

Although its threat actors aren't even hiding the file information that declares the KwaakLocked Ransomware's executable as being a build of Hidden Tear, a live deployment of the Trojan will either disguise the file or delegate its downloading to another threat. Macros and other security vulnerabilities in documents, especially ones from fake e-mail messages, are a typical technique among criminals circulating all file-locker Trojans. Any servers running with easy-to-crack login combinations also are at risk, thanks to the availability of brute-force applications and the exploitation of RDP features.

Decrypting media freely isn't always a possibility, and some threat actors include features in their file-locking Trojans for erasing local backups. Consequently, malware analysts encourage regularly making backups that the user stores remotely, such as on a secondary cloud server or a removable drive. Like most versions of Hidden Tear, the KwaakLocked Ransomware also makes minor changes to the operating system associated with launching itself automatically, although, unlike a virus or a worm, it doesn't create duplicates of itself. Always let your anti-malware products remove the KwaakLocked Ransomware and any other threats with a relationship to the vulnerability that enabled the infection in the first place.

Hidden Tear is a potential danger to nearly any network-accessible PC that has files of any measurable value to their owners. Like last year's Hidden-Peach Ransomware, 2016's Guster Ransomware, or April's '.FUCK File Extension' Ransomware, the KwaakLocked Ransomware is another pointed indicator of how little work criminals need to do to take what's yours indefinitely.
