
Lock2017 Ransomware

Posted: March 6, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 283
First Seen: March 6, 2017
Last Seen: January 24, 2021
OS(es) Affected: Windows

The Lock2017 Ransomware is a Trojan that extorts money from its victims after locking their files with a ciphering routine. The evidence that malware experts can gather indicates that this threat may be a part of the Crysis Ransomware family, which uses potentially unbreakable file-locking techniques. Backing up your files and having anti-malware products for eliminating the Lock2017 Ransomware upon its detection are the two critical defensive measures against this threat.

A 2017 Example of How Con Artists may Turn Cyber Attacks into Money

Because new variants of old Trojans are often easy to produce with application-generating utilities after paying a modest fee, malware researchers see more updates of old threats than ever. Identification isn't always clear-cut, however: con artists often give the components of their Trojans misleading names or include incorrect baseline messages, and both are visible with the Lock2017 Ransomware. The Lock2017 Ransomware campaign is newly detected and its infection methods are still unknown, although a majority of file-encrypting Trojans favor e-mail spam as an installation method.

The key features of the Lock2017 Ransomware include:

  • The Lock2017 Ransomware scans your hard drives for documents and other files whose formats are on its configured whitelist. The Lock2017 Ransomware encrypts this content with an AES-based cipher to block other programs from opening it and protects the generated key with a second, RSA-based layer of encryption.
  • The Lock2017 Ransomware modifies the filenames with an appended extension that includes a customized identification number and one of two e-mail addresses for contacting its threat actors.
  • In spite of using the distinctive, filename-editing pattern of the Crysis Ransomware, the Lock2017 Ransomware also drops a 'readme.txt' file similar to other families of file-encoding Trojans. This text includes many of the elements common to similar campaigns, such as demands for Bitcoin ransoms to decrypt your content, offers of a 'free sample' decryption, a time limit, and a fake description of the level of the RSA encryption.
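
As an added example (not code from the original page or from any vendor tool), the Python sketch below shows how a defender could triage a file listing for the two on-disk traits described above: an appended suffix carrying an ID and an e-mail address, and a 'readme.txt' note in the same folder. The exact suffix layout, the sample paths, the ID and the address are constructed assumptions, since the page does not give them.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: the page gives no exact suffix layout, so this matches any
# appended tail that carries both an e-mail address and an ID-like token.
EMAIL = re.compile(r"[A-Za-z0-9_%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
ID_TOKEN = re.compile(r"(?<![A-Za-z0-9])(?=[A-Fa-f]*\d)[0-9A-Fa-f]{6,}(?![A-Za-z0-9])")
NOTE_NAME = "readme.txt"  # ransom note name stated on the page


def has_ransom_suffix(filename):
    """True if text appended after the first dot holds an e-mail and an ID."""
    _, dot, tail = filename.partition(".")
    mail = EMAIL.search(tail) if dot else None
    if not mail:
        return False
    # Look for the ID outside the e-mail so digits in the address don't count.
    rest = tail[:mail.start()] + " " + tail[mail.end():]
    return ID_TOKEN.search(rest) is not None


def triage(paths, min_hits=2):
    """Group flagged files by folder; report folders with >= min_hits hits."""
    hits, notes = defaultdict(list), set()
    for raw in paths:
        p = PureWindowsPath(raw)
        if p.name.lower() == NOTE_NAME:
            notes.add(p.parent)
        elif has_ransom_suffix(p.name):
            hits[p.parent].append(p.name)
    return {
        str(folder): {"files": sorted(names), "note_present": folder in notes}
        for folder, names in hits.items()
        if len(names) >= min_hits
    }


# Constructed listing; names, ID and address are invented for illustration.
SAMPLE = [
    r"C:\Users\a\Docs\budget.xlsx.id-1A2B3C4D.[helper@example.invalid].locked",
    r"C:\Users\a\Docs\plan.docx.id-1A2B3C4D.[helper@example.invalid].locked",
    r"C:\Users\a\Docs\readme.txt",
    r"C:\Users\a\Mail\invoice_20170306_bob@example.com.pdf",
]

if __name__ == "__main__":
    for folder, info in triage(SAMPLE).items():
        print(folder, info)
```

A folder that is reported with `note_present` set is the stronger signal; the suffix heuristic alone can still match benign files that happen to carry an address and a long number after their first dot.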

Starting Off 2017 with Effective File Protection

The Lock2017 Ransomware campaign is one of many attacks emerging from threats of the same classification, which specialize in holding the data you save on your drive hostage. Backups, especially non-local ones, are almost universally the most reliable strategy for keeping Trojans from locking or otherwise damaging your files indefinitely. The Lock2017 Ransomware does not have a free decryption utility available, and, as malware experts are noting similarities with unbreakable file-encryption Trojans, such a solution may never emerge.

Fake memos, invoices, and other e-mail attachment-based forgeries are probable installation methods for threats of the Lock2017 Ransomware's category. Use anti-malware products to scan and detect these harmful attachments as threatening to your PC before they install their payloads. Preventing encryption in the first place, instead of deleting the Lock2017 Ransomware after it finishes its attacks, may be the only viable strategy for protecting the contents of your local hard drives.

Sufficiently off-guard victims may be liable to consider paying the cryptocurrency ransom the Lock2017 Ransomware's authors solicit. However, as malware experts often verify in different Trojan attacks, paying con artists to undo the damage they've already caused is a solution that stands on shaky ground.
