
LockeR Ransomware

Posted: October 18, 2017

The LockeR Ransomware (a separate threat from the 2015 LockeR Ransomware, which was based on the Critoni Ransomware) is a Trojan that blocks your files by encrypting them and uses a second key to secure the first, file-locking cipher. Malware experts estimate that this campaign is targeting business networks and other entities capable of paying large ransoms, which it could compromise through brute-force or email spam attacks. Backing up your content daily and running anti-malware protection that blocks and deletes the LockeR Ransomware is currently the recommended defense.

All the Smell of Bad Security that Arises from One Onion

The anonymity-enabling browser formerly known as The Onion Router, now marketing itself as TOR, is one of many ordinarily legal utilities that threat actors can abuse for less than lawful purposes. The third week of October shows one clear example of con artists launching another Trojan campaign that exploits this program: a series of data hostage-taking attacks using the LockeR Ransomware. This Trojan appears to be custom-made for this campaign and has the ransom-processing support of what malware experts determine is a dedicated series of linked Web domains.

The LockeR Ransomware generates not one but two keys for each infected system: a public one and a private one, with the private key securing the file-locking cipher. This encryption feature can block content of any format that the threat actor specifies, such as databases, documents, and spreadsheets, and may include cosmetic variations, such as appending new extensions. After locking all targeted media, the LockeR Ransomware creates its ransom note as a Notepad text message.

The above file gives the user little assistance beyond links to the LockeR Ransomware's ring of TOR sites. Threat actors are asking for particularly expensive ransoms in exchange for the private key to the unlocking feature, a key that the LockeR Ransomware uploads to their Command & Control server automatically. With a thoughtfully designed Web UI and ransoms worth thousands of USD, malware experts rate it as highly likely that the LockeR Ransomware's authors are manually targeting businesses through compromised logins or email accounts.

Adequately Pruning a Vegetable-Themed Extortion Attack

The LockeR Ransomware's administrators are putting the TOR browser's capabilities to good use, with well-formatted domains including individual customer designations, live countdowns, semi-configurable ransoming details, private messaging, a trial decryptor, and even a captcha-based security feature. With all the signs of a polished, professional campaign for blocking media in return for high-value payouts, the LockeR Ransomware's only apparent weakness is the chance that victims hold backups it can't lock or delete. The Trojan also may include other features that malware analysts can't yet verify, such as terminating programs like the Task Manager or hijacking the Windows account's wallpaper.

The infection strategies for threats using campaigns similar to the LockeR Ransomware's attacks include:

  • Con artists may try to compromise login combinations with brute-force software. Using individual and complex passwords and account names can significantly reduce your PC's vulnerability to being brute-forced.
  • Other systems suffer security compromises through email attacks that may try to hide the LockeR Ransomware, or installers for it, as a non-malicious file format. Examples of these disguises include fake invoices, automatic messages from internal office equipment, and delivery-themed notices.
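As an added example (not from the article or from the campaign it describes), the following Python script scans constructed SSH authentication log lines, counts failed logins per source address inside a sliding time window and flags any source that crosses the threshold, noting whether a successful login from the same address followed the burst, which is the pattern a brute-forced login combination leaves behind. The log lines, hostname, usernames and addresses are all made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the usual Linux auth.log shape (not real data).
SAMPLE_LOG = """\
Oct 18 02:14:01 fileserver sshd[2201]: Failed password for admin from 203.0.113.7 port 51022 ssh2
Oct 18 02:14:03 fileserver sshd[2203]: Failed password for admin from 203.0.113.7 port 51024 ssh2
Oct 18 02:14:04 fileserver sshd[2205]: Failed password for invalid user backup from 203.0.113.7 port 51026 ssh2
Oct 18 02:14:06 fileserver sshd[2207]: Failed password for root from 203.0.113.7 port 51028 ssh2
Oct 18 02:14:09 fileserver sshd[2209]: Failed password for administrator from 203.0.113.7 port 51030 ssh2
Oct 18 02:14:11 fileserver sshd[2211]: Accepted password for admin from 203.0.113.7 port 51032 ssh2
Oct 18 02:30:00 fileserver sshd[2300]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Oct 18 03:30:00 fileserver sshd[2301]: Failed password for alice from 198.51.100.9 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+)"
)

def parse(lines, year=2017):
    """Turn raw log text into (timestamp, result, user, source) tuples."""
    events = []
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if m:  # syslog lines carry no year, so one is supplied
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["result"], m["user"], m["src"]))
    return events

def find_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Map each source with >= threshold failures inside `window` to a summary,
    including whether a successful login from that source came after the burst."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, result, user, src in events:
        (failures if result == "Failed" else successes)[src].append((ts, user))
    hits = {}
    for src, fails in failures.items():
        fails.sort()
        for i in range(len(fails) - threshold + 1):  # slide over sorted failures
            first, last = fails[i][0], fails[i + threshold - 1][0]
            if last - first <= window:
                users = sorted({u for _, u in fails[i:i + threshold]})
                followed = any(t > last for t, _ in successes.get(src, []))
                hits[src] = {"failures": len(fails), "users": users, "success_after": followed}
                break
    return hits
```

A source that guesses several account names in seconds and then logs in is the one to investigate; the slow, two-failure source is left alone.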

Malware experts can only guess at any decryption chances for this threat, although most anti-malware products should catch and delete the LockeR Ransomware by default. Paying the ransom should be left as a last resort or avoided entirely if at all possible.

Even if users protect themselves against the LockeR Ransomware, all the work behind its campaign is unlikely to evaporate overnight. Anyone potentially vulnerable to the above infection strategies should consider the sometimes sky-high price of ignoring sound data security and storage practices.
