MemeLocker Ransomware
Posted: April 10, 2017
Threat Metric
| Field | Value |
|---|---|
| Ranking | 8,778 |
| Threat Level | 1/10 |
| Infected PCs | 843 |
| First Seen | April 10, 2017 |
| Last Seen | September 18, 2023 |
| OS(es) Affected | Windows |
The MemeLocker Ransomware is a variant of Hidden Tear, an open-source Trojan that can prevent you from opening your files by encrypting them. The MemeLocker Ransomware's symptoms can include unexpected changes to the names or extensions of your media, new text messages asking for ransom money, Web pop-ups, or the appearance of a desktop image announcing the attack. Most users should ignore the ransom demands, remove the MemeLocker Ransomware with a qualified anti-malware program, and restore any encrypted content through a backup.
Memes Turning Sour for Money
A new Trojan is in development for April, taking advantage of the rising awareness of Internet memes (widely shared, comedic images or texts) for self-promotional purposes. The MemeLocker Ransomware uses a previously-untapped brand name, but its internal code leads malware analysts to believe that it's a member of the constantly-growing Hidden Tear family. This group of file-encryptor Trojans boasts code that's pseudo-publicly available for different threat actors to abuse, while not needing to have any expertise in programming.
The MemeLocker Ransomware's threat actors are still finalizing the Trojan for deployment, which could take place through several means, including drive-by-download attacks, e-mail attachments, or infected torrents. A successful installation lets the MemeLocker Ransomware scan all local drives for files to encrypt, typically including images, audio, and Microsoft Office content. No information is yet available on any name or extension changes the MemeLocker Ransomware might make to these files, although most versions of Hidden Tear do add a secondary extension.
Malware analysts can also confirm that the MemeLocker Ransomware uses pop-up-based ransom messages that can block your desktop while they are displayed. Con artists can use these attacks to include links to their Bitcoin wallets or e-mail addresses and may claim to be capable of causing further damage to your files unless you pay for their decryptor. Victims should remain aware that many versions of Hidden Tear, potentially including the MemeLocker Ransomware, can be decrypted by free software hosted by various anti-malware organizations.
Getting Bad Jokes out of Your File System
Live attacks using the MemeLocker Ransomware aren't currently verifiable, although minimal additional work is necessary to make it ready for public release. Decrypting a file-encrypting Trojan's output isn't always possible, and anyone who needs to preserve their files should always back them up before an infection can occur. While revisions of Hidden Tear like the MemeLocker Ransomware may compromise drives available over a local network or attached storage devices, password-protected cloud storage and unconnected peripherals are safe backup choices.
Con artists can distribute Trojans like the MemeLocker Ransomware with the intent of attacking random, lone PC users, or business sector entities that might pay larger ransoms than an individual. In either case, the defenses against this threat remain consistent: disabling potentially unsafe browser features on hacked sites, letting security software analyze your downloads for threats, and using account passwords not susceptible to brute-force attacks. Always update your anti-malware products before trying to remove the MemeLocker Ransomware or other, newly-released threats that may not be detectable under old definitions.
If it profits sufficiently from the bad security habits of its victims, the MemeLocker Ransomware could live up to its name and become a real meme unto itself. As is the case with any new release of Hidden Tear, it's up to each user to back their files up and use other security steps to make the bad joke of cyber extortion fall flat.