
Locket Ransomware

Posted: November 28, 2017

Threat Metric

Ranking: 3,335
Threat Level: 8/10
Infected PCs: 2,726
First Seen: January 29, 2022
Last Seen: October 15, 2023
OS(es) Affected: Windows

The Locket Ransomware is a Trojan that blocks your screen with an HTML application that pretends to encrypt your media. While the Locket Ransomware isn't a direct threat to the work on your PC, it can prevent you from accessing parts of the Windows interface and is a minor security risk. Remove its screen-blocking feature by following standard security protocols, then use your anti-malware software to uninstall the Locket Ransomware.

The New Locket Wrapping around Your Monitor

The overlap between Trojans that block their victims' screens, ones that lock their victims' files, and ones that do both isn't insignificant, and many threat actors freely mingle the features of all three sub-types of threatening software. Because this behavior is so common, users should avoid taking any Trojan at its word; such programs are often laced with intentional falsehoods or stretches of the truth. The Locket Ransomware campaign, for example, uses the bluff of destroying your files to keep you from questioning its demands for ransom money.

After finishing its Windows-based install routine, the Locket Ransomware uses an HTA (HTML Application) to launch a ransom screen. This screen blocks the entire desktop and generates a simple user interface that includes the Trojan's ransom demand of 0.1424 Bitcoins (roughly 1,400 US dollars), a live three-day countdown timer, and a variety of related warnings. Like many Trojans of the same classification, the Locket Ransomware also threatens to delete your files if you close the program or ignore the ransom's timer.

Based on the latest samples, malware experts verify that the Locket Ransomware has no encryption or file-locking features, either partially built or complete, and can't delete the user's media or other data. However, the absence of a more invasive payload also appears to be preventing some brands of security software from detecting it as a threat; currently, fewer than half of the most competitive AV brands are flagging the Locket Ransomware as threatening.

Returning Counterfeit Trojan Jewelry

It remains open to further investigation whether the Locket Ransomware's threat actor means to include real, data-locking attacks in the future, or is content with using the Locket Ransomware for mounting fraudulent attacks. In either case, malware experts recommend keeping secure backups to reduce any chance of damage to your files, and not paying any unnecessary, and potentially counterproductive, ransoms. The use of Bitcoins eliminates the refund protections that customers are entitled to with most traditional money-transferring services, and can mean paying the Trojan's author without buying any benefit.

The Locket Ransomware uses a hard-coded, fixed password, which is currently set to 'ul62bfqSA'. Inputting this code should let users close the Trojan's window and regain access to the Windows interface as usual. For users who need to terminate the Trojan completely, malware analysts suggest using the Safe Mode feature provided by most versions of Windows, which is accessible from the menu for advanced startup options. This feature will give your anti-malware programs a more secure environment for uninstalling the Locket Ransomware or identifying other threats that could be distributing it.

Assuming that the same program that's attacking your computer has any investment in telling you the truth is little better than trusting a con artist's word of honor. In the Locket Ransomware's case, doing so means paying real money for something you could take for free.
