
LataRebo Locker Ransomware

Posted: January 26, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 63
First Seen: January 26, 2017
OS(es) Affected: Windows

The 'LataRebo Locker' Ransomware is a Trojan that displays a pop-up to lock your screen and demands payment before you receive the password for removing it. While the 'LataRebo Locker' Ransomware superficially resembles more advanced threats, malware analysts rate this Trojan as a low-level threat with an easily disabled desktop lockdown. Follow the instructions in this article for removing the 'LataRebo Locker' Ransomware and its pop-up without paying, or, ideally, have anti-malware products that can detect it before it compromises your PC.

A Social Platform Corrupted for Misdeeds

Facebook's popularity sometimes hurts its service as much as it helps, with con artists, just as much as ordinary users, finding ways of exploiting the website in the service of their self-interest. The 'LataRebo Locker' Ransomware is a new, screen-locking Trojan that the cyber security industry caught in the second to last month of January, and makes use of the Facebook site as a secondary communication method. As usual, the threat actor's goal is making a profit, in this case, by using the 'LataRebo Locker' Ransomware to take your entire PC hostage.

While future revisions of the 'LataRebo Locker' Ransomware may include additional ransoming capabilities, such as file encryption, current versions of this threat limit themselves to locking the victim's desktop. Systems compatible with Windows-based WIN32 executable applications are at risk from the 'LataRebo Locker' Ransomware's payload. The Trojan generates an interactive HTA window with a custom background image, a password field, and text instructions demanding that you pay a ransom.

What malware experts rarely see in similar threats, and what the 'LataRebo Locker' Ransomware includes, is its pop-up's payment method: a Paysafecard PIN that the victim can PM (or private message) to the threat actor's Facebook account. Most professional threat authors prefer to use more reliable communications solutions than Facebook, along with preferring cryptocurrencies like Bitcoin instead of the (previously more popular) Paysafecard.

Beating the New Twist on a Water Bottle Challenge

Except for the demand for real money to remove its screen-locking window, the 'LataRebo Locker' Ransomware has little in common with professionally-managed threat campaigns of any sophistication. Current versions of the 'LataRebo Locker' Ransomware use a hard-coded password for unlocking themselves, instead of customizing the code per victim, which makes the attack easy to dismantle without paying. Inputting 'Rebatsa' into the Trojan's 'insert key' field will remove the pop-up and let you continue with disinfecting your computer.
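A hard-coded unlock key of this kind is usually visible to static inspection. The following is an added example, not code from the Trojan or from this article's analysts: it assumes the analyst has a locker's HTA source as text, and the sample markup, field id, keys, and function names are all constructed placeholders.

```python
import re

# Constructed sample: a minimal HTA-style page with one key field and two
# hard-coded comparisons. It is NOT the Trojan's markup (the article does not
# reproduce it) and the keys are placeholders.
SAMPLE_HTA = """<html><head><hta:application id="demo" /></head><body>
<input type="password" id="keybox">
<script language="VBScript">
Sub CheckKey
  If document.getElementById("keybox").value = "EXAMPLE-KEY-1" Then
    window.close
  End If
End Sub
</script>
<script type="text/javascript">
function check2() {
  var k = document.getElementById('keybox').value;
  if (k === 'EXAMPLE-KEY-2') { window.close(); }
}
</script></body></html>"""

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
INPUT_ID_RE = re.compile(r"<input\b[^>]*\bid\s*=\s*[\"']?([\w-]+)", re.I)
ASSIGN_RE = re.compile(r"\s*(?:(?:var|let|const|dim)\s+)?(\w+)\s*=\s*(.+)", re.I)
# =, == or === (but not !=, <=, >=) followed by a quoted literal.
CMP_RE = re.compile(r"(?<![=!<>])={1,3}\s*([\"'])((?:(?!\1).)+)\1")
IF_RE = re.compile(r"\bif\b", re.I)

def mentions(text, names):
    """True if any of the names appears as a whole word in text."""
    return any(re.search(r"\b%s\b" % re.escape(n), text) for n in names)

def find_hardcoded_keys(hta_text):
    """Return string literals that script code compares with input-field values."""
    field_ids = set(INPUT_ID_RE.findall(hta_text))
    hits = []
    for body in SCRIPT_RE.findall(hta_text):
        tainted = set(field_ids)           # names that carry user input
        for line in body.splitlines():
            is_cond = bool(IF_RE.search(line))
            m = ASSIGN_RE.match(line)
            if m and not is_cond and mentions(m.group(2), tainted):
                tainted.add(m.group(1))    # variable copied from a field
            if is_cond and mentions(line, tainted):
                hits.extend(lit for _, lit in CMP_RE.findall(line))
    return hits

if __name__ == "__main__":
    print(find_hardcoded_keys(SAMPLE_HTA))
```

The check is line-based and only follows direct copies of a field value, so obfuscated or multi-line comparisons need manual review.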

While malware experts' continuing examinations of the 'LataRebo Locker' Ransomware fail to find any additional attacks of note, the Trojan should be taken seriously as a threat that can block you from using your operating system's UI. Disable in-browser scripts, use security software to analyze downloading files and stay aware of archetypal attacks (such as Facebook-based fake links) that might be responsible for drive-by-downloads abetting this Trojan campaign. Because of its limited attack capabilities, very few anti-malware products currently list this Trojan in their databases. Heuristic removal of the 'LataRebo Locker' Ransomware by updated security software remains your PC's best last line of defense.

Never be too quick to pay a con artist to help reverse the effects of his bad action; with programs like the 'LataRebo Locker' Ransomware, paying is particularly evident as a tragic waste of money.
