Rans0mlocked Ransomware

Posted: May 8, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 28
First Seen: May 8, 2017
OS(es) Affected: Windows

The Rans0mlocked Ransomware is a Trojan that can lock your files by modifying them with an encryption algorithm. Its attacks include pop-up windows for demanding payments to unlock your content. Since these symptoms appear after the Trojan has already blocked your media, malware experts recommend adhering to basic backup strategies for payload mitigation and using anti-malware protection to remove the Rans0mlocked Ransomware.

A Lock with a Cryptocurrency Cost to Open

Threat actors investing in file-encrypting Trojan campaigns still show various tactics for manipulating their victims, ranging from brand-heavy motifs and emotive language to dispassionate instructions towards the desired outcome. While the tone of speech and delivery may differ, almost every file-encrypting Trojan generates revenue. One of malware analysts' newer catches, the Rans0mlocked Ransomware, illustrates how profitable Trojans can be without the overblown warnings of threats like the Jigsaw Ransomware.

With its earliest known samples dating no further back than the first half of May, the Rans0mlocked Ransomware has yet to make significant statistical waves in comparison with established Trojans like Troldesh. However, it does share the primary features of these old file-encrypting Trojans, including the ability to block your data and hold it for ransom through its accompanying pop-ups. The Rans0mlocked Ransomware most probably uses a variant of AES for its encryption, although malware analysts have yet to confirm it. No free decryptors for the files locked by the Rans0mlocked Ransomware are being hosted, which potentially makes any content that the Rans0mlocked Ransomware attacks no better than deleted.

Some symptoms that you may see in different versions of the Rans0mlocked Ransomware include hijacked wallpaper images and filename changes, especially the appending of new extensions. However, what malware analysts have verified is primarily the Rans0mlocked Ransomware's use of Windows pop-ups that display a simple, built-in Bitcoin payment verification, along with a possible decryptor once you pay. There remains the possibility that the latter is fake; because payment is in the Bitcoin cryptocurrency, extortionists could collect their pay without risking a forced refund if they skip their decryption duties.

Unlocking Your Files without Paying the Price

The Rans0mlocked Ransomware's pop-up is a straightforward message that streamlines the extortion process into a supposedly semi-automated task, just like the Russian Fatboy Ransomware. Unlike the Fatboy Ransomware, the Rans0mlocked Ransomware's authors are giving out limited information to the users they attack, which may make the ransoming process seem less intimidating to the victim. Whether it's a deliberate strategy or a side effect of their campaign's priorities, the Rans0mlocked Ransomware offers a 'simple' decryption solution with a non-negligible chance of being fraudulent.

While the Rans0mlocked Ransomware is only targeting English speakers, its means of distribution aren't yet verifiable. Examples of expected exploits include corrupted website scripts, e-mail attachments, and, in a small minority of attacks, bundling with other downloads. Although anti-malware products don't include decryption services, they can block and delete the Rans0mlocked Ransomware infections before the encryption occurs. Otherwise, malware analysts emphasize the value of a rigorous backup strategy.

By the standards of its kind, the Rans0mlocked Ransomware is a 'short and sweet' idea of a file-encrypting Trojan. Whether the responsible party waxes verbose or limits himself to the bare minimum in demands, the damage to your files usually will be the same.
