
PainLocker Ransomware

Posted: May 27, 2018


The PainLocker Ransomware is a file-locking threat that encrypts your media and then drops text notes carrying its ransom demands. Users may recover any affected data from their last backup or by contacting researchers in the anti-malware community for decryption help. Because the Trojan's symptoms only become apparent after the damage is done, all users should have their anti-malware protection delete the PainLocker Ransomware automatically and preemptively.

The Pain of not Being Able to Open What's Yours

After the update of the Embrace Ransomware, the Everbe@airmail.cc Ransomware may be responsible for another offspring that turns it into a steadily growing family of file-locking threats: the PainLocker Ransomware. Although this campaign is circulating a different ransom message, its other symptoms are consistent with the first two programs, as well as with similar Trojans such as the Blind Ransomware. The user's personal and work files, such as documents, pictures, spreadsheets, audio or archives, are especially at risk.

The PainLocker Ransomware's estimated file-locking method may use either DES or AES to encrypt each file that it searches for on an infected PC, and its search may also cover removable drives (USB, DVD, etc.) and network-mapped drives. Although malware analysts haven't assembled a complete list of the affected media types, users can isolate the encrypted data by searching for the extension (for instance: 'example.jpg.[pain@cock.lu].pain') that the Trojan adds, which uses the same formatting as the Everbe@airmail.cc Ransomware.
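The naming scheme above lends itself to a simple triage script for scoping an infection: walk a directory tree, pick out every file that carries the '.[<contact e-mail>].pain' suffix, recover the original name, and tally the affected file types for comparison against backups. The script below is an added example written for this article, not code from the Trojan's authors or from any anti-malware vendor; the contact address and '.pain' marker come from the extension example above, while the file names in the constructed sample tree are invented for illustration. It identifies affected files only and does not attempt decryption.

```python
"""Triage helper: find files renamed in the PainLocker / Everbe style.

The Trojan appends '.[<contact e-mail>].pain' to each encrypted file, e.g.
'example.jpg.[pain@cock.lu].pain'. This script parses that suffix and walks a
directory tree to list affected files so a responder can scope the damage and
check which originals exist in backup. It does not decrypt anything.
"""
import os
import re
from collections import Counter

# Regex for the observed naming scheme: <original name>.[<email>].pain
# The '.pain' marker and the contact address are the values reported in the
# article; everything else here is an assumption made for this example.
PAINLOCKER_RE = re.compile(
    r"^(?P<original>.+)\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.(?P<ext>pain)$",
    re.IGNORECASE,
)


def parse_locked_name(filename):
    """Return a dict with the original name, contact e-mail and marker
    extension, or None when the file name does not match the scheme."""
    match = PAINLOCKER_RE.match(filename)
    if not match:
        return None
    return match.groupdict()


def scan_tree(root):
    """Walk `root` and return (path, original_name, email) for every file
    whose name matches the scheme."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            info = parse_locked_name(name)
            if info:
                hits.append((os.path.join(dirpath, name),
                             info["original"], info["email"]))
    return hits


def summarize(hits):
    """Count affected files by original extension (e.g. 'jpg', 'xlsx'), which
    gives a quick picture of which media types were targeted."""
    counts = Counter()
    for _path, original, _email in hits:
        ext = original.rsplit(".", 1)[-1].lower() if "." in original else "(none)"
        counts[ext] += 1
    return dict(counts)


if __name__ == "__main__":
    import tempfile

    # Constructed sample tree so the script runs offline; these names are
    # illustrative and not files recovered from a real infection.
    sample_names = [
        "example.jpg.[pain@cock.lu].pain",
        "budget.xlsx.[pain@cock.lu].pain",
        "readme.txt",
    ]
    with tempfile.TemporaryDirectory() as tmp:
        for name in sample_names:
            open(os.path.join(tmp, name), "w").close()
        found = scan_tree(tmp)
        for path, original, email in found:
            print(f"{path}\n  original: {original}  contact: {email}")
        print("affected by type:", summarize(found))
```

Running the script on a real volume is read-only: it lists matches and counts them, leaving the files untouched for later recovery from backup or for submission to researchers. The regex anchors on the trailing marker, so a file such as 'notes.docx.[pain@cock.lu].pain.bak' (a copy made after the fact) is deliberately not reported.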

There's no decryption software in development or distribution for the Everbe@airmail.cc Ransomware, its Embrace Ransomware variant, or the PainLocker Ransomware. Since non-consensual encryption is a relatively lightweight attack that may lock any files permanently, backing up all invaluable media is the first defense against threats of this classification. Malware experts recommend against storing any backups on the same PC, since a majority of file-locker Trojans also delete any local backups.

Keeping Your Files Out of a Trojan's Private Locker

Recent Black Hat campaigns using file-locker Trojans are notable for favoring spam e-mails as their infection vector. E-mail-based attacks may use Web links or attachments to expose a victim to a file that, in most cases, employs a software vulnerability (such as a Word macro) to install the additional threat. Examples of formats for these attacks include fake delivery notifications, bills, local news articles, and messages from office hardware or fellow employees. Some Trojans of the same category as the PainLocker Ransomware also use other exploits, such as brute-force login attacks and abuse of Remote Desktop features.

The PainLocker Ransomware's payload also includes depositing a text file that demands the victim pay for the threat actor's unlocking service. This decryption solution may not function as advertised, and criminals invariably use payment methods that do not allow refunds for fraud. Victims should avoid paying the ransom under any circumstances and have a dedicated anti-malware program uninstall the PainLocker Ransomware before proceeding with any other recovery steps.

It will be weeks or even months before malware experts can determine whether the PainLocker Ransomware is a coincidental event or one of a series of signs that threat actors are building variants of Everbe@airmail.cc Ransomware in earnest. Whether it's the former or the latter, it doesn't change the simple fact that PC users shouldn't work with their files long-term without backing them up.
