
LOCKED_PAY Ransomware

Posted: September 27, 2019

The LOCKED_PAY Ransomware is a variant of the Jigsaw Ransomware, a file-locking Trojan. It can block your PC's digital media by converting files into encrypted versions and may delete them after a reboot or on a timer. Users can identify this threat through its accompanying pop-ups and use anti-malware products to quarantine or remove the LOCKED_PAY Ransomware appropriately.

Putting the Jigsaw Pieces Back Together

A threat actor under the name of MAYA is using the Jigsaw Ransomware's source code to develop a 'new' Trojan with file-locking attacks. This variant, the LOCKED_PAY Ransomware, is still in development. Unfortunately, there is no reason to assume that its ability to lock files is any less workable than its notorious ancestor's attacks.

The LOCKED_PAY Ransomware uses AES encryption, like the Jigsaw Ransomware, as its preferred way of locking content. Although it includes a location filter that prevents it from harming the Windows operating system, it is likely capable of damaging documents, spreadsheets, archives, pictures, music and most other media. The Trojan marks the files it locks by adding '.LOCKED_PAY' extensions, and creates an HTA pop-up ransom message afterward.

Malware experts find few differences between the LOCKED_PAY Ransomware's note and the Jigsaw Ransomware's equivalent. The LOCKED_PAY Ransomware includes demands for Bitcoins (or Monero), a countdown, and some interactive elements for communicating with the threat actor, paying or using the decryptor. Users should test the compatibility of free Jigsaw Ransomware decryption services first, which may provide a no-charge recovery path for locked data.

There is also some risk of the LOCKED_PAY Ransomware deleting files on a system restart or as its countdown loops, if MAYA carries the feature over from the older program.

Scattering the Puzzle Picture of Extortion

Since it's still in its developmental stage, there's no telling how the LOCKED_PAY Ransomware could circulate and find itself on its victims' computers. Windows users can monitor likely infection sources, however, such as e-mail messages carrying macro-running documents, torrents for illicit content, and updates offered by compromised or corrupted sites or advertisement services. Server admins should also maintain version control over associated software and avoid passwords that are at risk from brute-force attacks.

The cyber-security industry provides unlocking solutions for threats with less-robust cryptography, including the Jigsaw Ransomware. However, the LOCKED_PAY Ransomware may require customized decryption services, and MAYA may add additional security to the Trojan's attacks. Always back your work up somewhere safe, such as a removable USB drive, to keep extortion from becoming your only way out of the consequences of an infection.
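The '.LOCKED_PAY' extension described above lets a responder inventory locked files before choosing a backup to restore or picking samples to test against a free decryptor. The script below is an added example, not part of the original article or any vendor tool; the function names are hypothetical, and treating a locked file's last-modified time as the approximate time it was encrypted is an assumption.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

# Extension named in this article, matched case-insensitively.
MARKER = ".locked_pay"


def inventory(root):
    """Walk root and describe every file carrying the appended extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # unreadable, or removed while the scan was running
            hits.append({
                "path": path,
                "original_name": name[:-len(MARKER)],  # name before locking
                "size": st.st_size,
                "mtime": st.st_mtime,
            })
    return hits


def summarize(hits):
    """Count hits per directory and bound the window in which they changed."""
    if not hits:
        return {"total": 0, "by_dir": {}, "first": None, "last": None}
    times = [h["mtime"] for h in hits]

    def to_utc(ts):
        return datetime.fromtimestamp(ts, timezone.utc).isoformat()

    return {
        "total": len(hits),
        "by_dir": dict(Counter(os.path.dirname(h["path"]) for h in hits)),
        # Assumption: mtime approximates when each file was locked, so a
        # backup taken before "first" should predate the encryption.
        "first": to_utc(min(times)),
        "last": to_utc(max(times)),
    }


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    print(summarize(inventory(target)))
```

Run it against a mounted copy of the affected volume rather than the live system, since timestamps can change as cleanup proceeds.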

Windows anti-malware programs, as usual, will identify most versions of the Jigsaw Ransomware and shouldn't experience problems with removing the LOCKED_PAY Ransomware at any stage.

As malware analysts await further samples that provide a breadcrumb trail to the LOCKED_PAY Ransomware's planned distribution routes, users should be copying their media to protected devices. Failing at this simple task is an expensive mistake that profits criminals, and no one else.
