
P4YME Screenlocker

Posted: August 24, 2020

The P4YME Screenlocker is a screen-blocking Trojan that prevents users from accessing their desktops or the Windows UI. Although the P4YME Screenlocker demands a ransom within half an hour, users should ignore the demand and disinfect their PCs through safer methods. Besides removing the P4YME Screenlocker, reliable anti-malware products should also detect and block the Trojan during any installation attempt, including exploit-based ones.

An Impatient Telegram from a Strange Program

Although screen-locking Trojans are nowhere near as widespread as the currently-favored data-encrypting ones, they run their 'businesses' in much the same way: inconveniencing the infected PC's users until they pay a ransom. The P4YME Screenlocker, a simple Windows example of the former category, promotes itself under a name (SSHBot) that implies network backdoors or other advanced Secure Shell features. The truth is that its attack is unsophisticated and, surprisingly, easily reversible by any victim.

Although early samples of the P4YME Screenlocker dodged most detection heuristics successfully, updated definitions from most cyber-security vendors now flag the Trojan accurately. The P4YME Screenlocker or SSHBot uses a generic packer and fake HP copyright information for infiltrating Windows systems before it 'locks' the screen with its pop-up ransom note. This attack stops users from accessing the taskbar or the rest of the Windows interface because the window keeps focus. It also is notable for its ransom specifications: seventy-five Euros, Telegram-based communication, and an extraordinarily short countdown of half an hour.
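Because the Trojan carries copied HP vendor metadata, one check a responder can run once the UI is back (after the disinfection steps below) is to list running processes whose version resource claims HP as the vendor but whose image lacks a valid HP-issued Authenticode signature. This is an added example, not code from the original article or from any vendor; the 'Hewlett|HP' patterns are assumptions about the copied strings and can be widened.

```powershell
# Added example: flag processes whose version info claims HP but whose binary
# is not validly signed by HP. Genuine HP components are normally signed; a
# packed Trojan with copied copyright text usually is not. Run elevated.
$vendorPattern = 'Hewlett|\bHP\b'   # assumption: strings the sample copies

Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path } |          # skip protected/system processes with no readable path
    ForEach-Object {
        $vi    = (Get-Item -LiteralPath $_.Path -ErrorAction SilentlyContinue).VersionInfo
        $claim = "$($vi.CompanyName) $($vi.LegalCopyright)"
        if ($claim -match $vendorPattern) {
            $sig = Get-AuthenticodeSignature -FilePath $_.Path
            [PSCustomObject]@{
                Pid       = $_.Id
                Name      = $_.ProcessName
                Path      = $_.Path
                Company   = $vi.CompanyName
                Copyright = $vi.LegalCopyright
                SigStatus = $sig.Status                      # 'Valid' for a good signature
                Signer    = $sig.SignerCertificate.Subject   # $null when unsigned
            }
        }
    } |
    # Keep only the suspicious ones: unsigned/invalid, or signed by someone other than HP
    Where-Object { $_.SigStatus -ne 'Valid' -or $_.Signer -notmatch $vendorPattern } |
    Format-Table -AutoSize
```

Any hit is a candidate to quarantine and submit to the anti-malware vendor; an empty result does not prove a clean system, since the sample could be renamed or repacked in later builds.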

The last detail is a probable effort to pressure victims before they can try other solutions. Malware experts describe the P4YME Screenlocker's attack as easily removable in nearly all scenarios. The Trojan uses a hard-coded password (for current builds: 'P4YME0101') for dismissing the blocking pop-up. Victims also can disinfect their PCs through more traditional methods and dismiss the Trojan, and its pop-up, without interacting with the password field or the ransoming process.

Keeping a Lock from Coming Down on a Computer

The P4YME Screenlocker has little that's unique about it and stays close to the attack and ransom models that older Trojans like TWLWLocker or the Wanna Subscribe 1.0 Ransomware trail-blazed. Contrary to its executable name, the Trojan exhibits no SSH-related features and doesn't qualify as a backdoor Trojan, RAT, or file-locking Trojan. However, users should be aware of possible updates to the P4YME Screenlocker and continue guarding against all likely areas of exposure to Trojans like it.

Windows threats of this low level of sophistication may circulate through illicit downloads like torrents of pirated media or game cracks. They also can arrive through e-mail spam attachments, tactics that use currently-in-vogue themes like Coronavirus trackers, or Exploit Kits that abuse software vulnerabilities. Disabling JavaScript, Flash, and document macros will remove many of the software exploits used in these scenarios; safe browsing habits will attend to most of the remainder.

Competent anti-malware tools usually will flag and remove the P4YME Screenlocker at any stage of an infection attempt. If users regain access to the UI (for example, by booting from a USB drive), they also can disinfect already-compromised systems.

The P4YME Screenlocker wants a payday for doing almost nothing to the victim's computer. It's up to those under fire to keep cool heads and prevent this Trojan from turning carelessness into undeserved Euros.
