
Ocelot Locker Ransomware

Posted: January 9, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 5
First Seen: January 9, 2017
Last Seen: February 10, 2020
OS(es) Affected: Windows

The Ocelot Locker Ransomware is a fake file-encrypting Trojan that imitates some of the symptoms of such an attack without enciphering any content. Since this Trojan performs no other actions that would damage your local data, finding decryption solutions or restoring from backups should be unnecessary. Use your anti-malware products to remove the Ocelot Locker Ransomware or stop its installation process, as appropriate, and avoid paying any ransom it demands.

A Kitten Pretending to be a Puma

Copycats in the threat industry are abundant, but most clones of old Trojans re-implement their full payloads with the same intentions of blocking your files, collecting data, or conducting other attacks. Early in January, malware analysts began to see evidence of a form of copycat file-encrypting Trojan that arguably could be considered benevolent. The Ocelot Locker Ransomware mimics only the pop-up symptoms of this category of threats and seems to be an invasive education lesson against real file-encrypting Trojans.

After it compromises the PC, the Ocelot Locker Ransomware generates a pop-up but, unlike an actual screen-locker, leaves the Close window button in place. This window provides generic encryption-themed extortion demands (with text cribbed from other campaigns) and a single 'Check for Payment' button. Note that current versions of the Ocelot Locker Ransomware omit any way to pay the Bitcoin ransom (approximately 25 USD) that it supposedly requests.

Clicking the above button will cause the Ocelot Locker Ransomware to display a second window recommending that you acquire anti-malware solutions and educate yourself about the basics of file-encrypting Trojans or ransomware.

Educating Yourself on Threats the Right Way

While getting security advice from a 'well-meaning' Trojan like the Ocelot Locker Ransomware is better than nothing, appropriately protected and informed PC users should find all of its information redundant or common knowledge. Real file-encoding Trojans can cause permanent damage to your hard drive's contents, requiring that you find a (sometimes not available) third-party decryptor or restore from a backup, unless you intend to pay the ransom and hope for the best. For its part, the Ocelot Locker Ransomware conducts no attacks other than its pop-ups, which likely contributes to the low detection rates against this threat that malware analysts see across major industry brands.

The Ocelot Locker Ransomware is unlikely to target specific businesses, NGOs or government sectors, but may bundle itself in downloads, especially ones associated with pirated content. Scanning all new files before you open them and upholding strong password strategies should protect your PC from both the Ocelot Locker Ransomware and authentic file encryptors. Since this Trojan performs no encryption whatsoever, deleting the Ocelot Locker Ransomware in full after its installation should need no more drastic a solution than a scan with an updated anti-malware program.

Given the lack of appropriate ransom-transaction information in its pop-up messages, the Ocelot Locker Ransomware's author doesn't seem to be distributing this Trojan with ill intentions. However, it can be a wake-up call to the unwary that letting an unknown program run on their computers is an easy way to lose what they've saved on it forever.
