
'Levis Locker' Ransomware

Posted: December 12, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 2
First Seen: December 12, 2016
OS(es) Affected: Windows


The 'Levis Locker' Ransomware is a Trojan that solicits ransom payments from its victims by displaying warnings regarding their supposed illicit computer activities. Although the Trojan's development is incomplete, its threat actors may use it to encrypt your local files, delete data or block you from using your desktop. Use the strategies recommended in this article for resolving an infection and wiping the 'Levis Locker' Ransomware without submitting to its fraudulent financial penalty.

Extortionists Scamming Anti-Scammers

The successful efforts of both hobbyist and professional, paid PC security researchers inevitably attract the notice of threat authors. Although responses from threat actors may take the form of updates meant for avoiding new detection techniques, other con artists may call out specific individuals or slip details into their campaigns. With the 'Levis Locker' Ransomware, noted by malware experts near the end of 2016, this attention shows itself in a particularly unusual way.

The 'Levis Locker' Ransomware is a Trojan that currently has few capabilities other than locking the screen while it displays its pop-up window. This pop-up asks for a five hundred USD ransom through MoneyPak, with a live countdown to your computer's supposed destruction, and warnings that authorities are tracking your PC for traffic related to illegal media such as underage erotica. All of this content is typical of Trojans similar to the 'Levis Locker' Ransomware, but malware experts also isolated the 'Levis Locker' Ransomware as having characteristics that are highly unusual for either screen-locking Trojans or file-encrypting ones.

The 'Levis Locker' Ransomware explicitly asks the victim to pay the ransom to 'Lewis', with its seemingly misspelled name also trying to invoke the same individual. Accompanying images that the 'Levis Locker' Ransomware embeds in its pop-ups trace back to an anti-fraud activist whose identity is apparently being hijacked to give the attack an extra layer of credibility.

The explicit use of specific individuals' identities, rather than more believable, generic legal institutions, is a newsworthy addition. However, it also makes it likely that the 'Levis Locker' Ransomware is the product of a casual threat actor who has little experience in leveraging social engineering tactics for profit.

Escorting a 'Lewis' Doppelganger Off Your Screen

The 'Levis Locker' Ransomware currently shows no functions related to deleting or encoding content, although its developer may mean to add these attacks later in its development. Malware analysts can also verify that the 'Levis Locker' Ransomware doesn't maintain persistence by itself. The surprising lack of this nearly essential feature means that rebooting your computer could provide an immediate, albeit temporary, solution for terminating this Trojan's screen-locking attack.

If supporting threats provide additional assistance that impedes your desktop access, reboot and access the 'advanced boot options' menu or its equivalent. Traditionally, you can do this by tapping the appropriate key before Windows begins loading (either F8 or F11, on most versions of that OS). Most versions of Safe Mode in this menu will load the OS without any unwanted processes, which lets you delete the 'Levis Locker' Ransomware without it blocking your anti-malware products. Paying the fee is particularly inadvisable because the current version of the 'Levis Locker' Ransomware lacks any real capability for inflicting long-term damage by itself.

The 'Levis Locker' Ransomware is essentially a love letter from at least one threat author to one of the countless individuals working towards fighting Web hoaxes and associated threat attacks. It is also an accurate example of how far con artists are willing to go to misrepresent themselves in the search for ransom money.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: file.exe
Size: 935.95 KB (935952 bytes)
MD5: ad5205a55d46f1adc620a552e13434ac
Detection count: 4
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 12, 2016
