
Locdoor Ransomware

Posted: September 3, 2018

The Locdoor Ransomware is a Trojan that creates messages demanding cryptocurrency payments. Although current releases of the Locdoor Ransomware have no features for blocking, corrupting or deleting your files, its threat actor may update the program with additional attack capabilities in future versions. Secure backups reduce the risk to your data from such an attack, and traditional anti-malware programs running with the latest patches should delete the Locdoor Ransomware safely.

The Trojan Door That's Not Yet Quite Locked

An in-development Trojan is becoming available for analysis in centralized databases while avoiding detection more successfully than similar threats. The new Locdoor Ransomware isn't an apparent fork of projects like the freeware Hidden Tear or RaaS services like the Scarab Ransomware, and malware experts also note some signs that the Trojan's author may have limited background in running file-locking Trojan campaigns. Even though the Locdoor Ransomware's actual file-locking feature is theoretical rather than operational, the ransoming part of its feature set is fully working.

The Locdoor Ransomware is a 32-bit Windows program whose executable is just over two hundred kilobytes, slightly larger than the installer for the average file-locker Trojan. It drops its primary components into the Windows Temp folder, although it also places files elsewhere, most notably a Visual Basic script. After running, the Locdoor Ransomware launches Internet Explorer automatically with a series of commands for opening a dedicated ransom site for its campaign, along with opening a duplicate of the ransom note in Notepad.
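
The launch behaviour described above can be expressed as a process-creation heuristic. The following is an added example, not code from the original page: it flags a parent executable located in a Temp directory that starts Internet Explorer with a URL and Notepad with a text file within a short window. The record layout, the 60-second window, the `.txt` extension for the note, the parent-in-Temp condition and every sample path and URL are assumptions constructed for illustration.

```python
import ntpath
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed process-creation records: (time, parent image, child image, child command line).
# Every path, file name and URL below is a placeholder, not an indicator from a real sample.
SAMPLE_EVENTS = [
    ("2018-09-03T10:00:01", r"C:\Users\a\AppData\Local\Temp\sample.exe",
     r"C:\Program Files\Internet Explorer\iexplore.exe", "iexplore.exe http://ransom-site.example/"),
    ("2018-09-03T10:00:02", r"C:\Users\a\AppData\Local\Temp\sample.exe",
     r"C:\Windows\System32\notepad.exe", r"notepad.exe C:\Users\a\Desktop\note.txt"),
    # Benign: Explorer opening a text file in Notepad.
    ("2018-09-03T10:05:00", r"C:\Windows\explorer.exe",
     r"C:\Windows\System32\notepad.exe", r"notepad.exe C:\Users\a\todo.txt"),
    # Benign: an installer in Temp that only opens a browser page.
    ("2018-09-03T10:06:00", r"C:\Users\a\AppData\Local\Temp\setup.exe",
     r"C:\Program Files\Internet Explorer\iexplore.exe", "iexplore.exe https://vendor.example/thanks"),
]
WINDOW = timedelta(seconds=60)  # assumed correlation window

def in_temp(path):
    # True when any directory component of the path is named "Temp".
    return "temp" in path.lower().split("\\")[:-1]

def classify(child_image, cmdline):
    name, cmd = ntpath.basename(child_image).lower(), cmdline.lower()
    if name == "iexplore.exe" and ("http://" in cmd or "https://" in cmd):
        return "browser_url"
    if name == "notepad.exe" and cmd.rstrip('"').endswith(".txt"):
        return "note_viewer"
    return None

def find_suspects(events):
    # Group the interesting child launches by their Temp-resident parent.
    by_parent = defaultdict(list)
    for ts, parent, child, cmd in events:
        kind = classify(child, cmd)
        if kind and in_temp(parent):
            by_parent[parent].append((datetime.fromisoformat(ts), kind))
    suspects = {}
    for parent, hits in by_parent.items():
        hits.sort()
        for start, _ in hits:
            kinds = {k for t, k in hits if start <= t <= start + WINDOW}
            if {"browser_url", "note_viewer"} <= kinds:  # both launches inside one window
                suspects[parent] = sorted(kinds)
                break
    return suspects
```

Requiring both launches from the same Temp-resident parent keeps ordinary installers and Explorer-launched Notepad sessions out of the results.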

The messages ask for just ten cents in the Bitcoin cryptocurrency for a decryptor that, in theory, could unlock any files that the Locdoor Ransomware blocks in future, updated attacks. Malware experts have yet to see any indications of the Locdoor Ransomware harming local media or other data. The Locdoor Ransomware's use of an undisguised free website-building service, as well as its oddly low price, makes it more probable than not that this campaign is under the administration of a novice threat actor.

Shutting the Door in a New Extortionist's Face

Small ransoming fees are one of several signs that the Locdoor Ransomware's campaign is attempting to target recreational or random PC owners, instead of the business, NGO, or government networks that the Globe Ransomware or the Scarab Ransomware prefer. The methods of infection that malware experts advise watching out for in future Locdoor Ransomware activities include:

  • Torrents and other suspicious download resources could disguise the Locdoor Ransomware's executable as illicit but desirable content, such as an AAA video game crack or an in-demand movie.
  • EKs like the RIG Exploit Kit may abuse software vulnerabilities that let them install file-locker Trojans through your Web browser.
  • Spammed e-mail messages with forged contents also may include a link to unsafe domains with the above tactics, or a file attachment with the Locdoor Ransomware's installer (or a Trojan dropper that acts as a middleman).

Ignoring risky download links, scanning downloads before opening them, and disabling sometimes-hazardous features like JavaScript in your browser will provide various degrees of protection from these attacks. Malware experts also encourage keeping additional backups on other devices, whenever practical. Although only a small number of anti-malware products are detecting and uninstalling the Locdoor Ransomware accurately, users should avoid manual uninstallations without the help of an appropriate cyber-security specialist.

The limited detection rates for the Locdoor Ransomware most likely stem from how limited its attacks are, rather than from any great sophistication in its anti-AV defenses. However, its presence on threat databases indicates that its author is planning more work on it, and this not-yet-locking Trojan could be more of a problem in upcoming weeks.
