Rans0mlocked Ransomware
Posted: May 8, 2017
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 28 |
| First Seen: | May 8, 2017 |
| OS(es) Affected: | Windows |
The Rans0mlocked Ransomware is a Trojan that can lock your files by modifying them with an encryption algorithm. Its attacks include pop-up windows for demanding payments to unlock your content. Since these symptoms appear after the Trojan has already blocked your media, malware experts recommend adhering to basic backup strategies for payload mitigation and using anti-malware protection to remove the Rans0mlocked Ransomware.
A Lock with a Cryptocurrency Cost to Open
Threat actors investing in file-encrypting Trojan campaigns still show various tactics for manipulating their victims, ranging from brand-heavy motifs and emotive language to dispassionate instructions towards the desired outcome. While the tone of speech and delivery may differ, almost every file-encrypting Trojan generates revenue. One of malware analysts' newer catches, the Rans0mlocked Ransomware, illustrates how profitable Trojans can be without the overblown warnings of threats like the Jigsaw Ransomware.
With its earliest known samples dating no further back than the first half of May, the Rans0mlocked Ransomware has yet to make significant statistical waves in comparison with established Trojans like Troldesh. However, it does share the primary features of these old file-encrypting Trojans, including the ability to block your data and ransom it through its accompanying pop-ups. The Rans0mlocked Ransomware most probably uses a variant of AES for its encryption, although malware analysts have yet to confirm it. No free decryptors for the files locked by the Rans0mlocked Ransomware are being hosted, which makes any content that the Rans0mlocked Ransomware attacks potentially no better than deleted.
Some symptoms that you may see in different versions of the Rans0mlocked Ransomware include hijacked wallpaper images and filename changes, especially the appending of new extensions. However, what malware analysts have verified is primarily the Rans0mlocked Ransomware's use of Windows pop-ups that display a simple, built-in Bitcoin payment verification, as well as a possible decryptor once you pay. There remains the possibility that the latter is fake; with the use of the Bitcoin cryptocurrency, extortionists could collect their payment and face no danger of forced refunds if they skip their decryption duties.
Unlocking Your Files without Paying the Price
The Rans0mlocked Ransomware's pop-up is a straightforward message that streamlines the extortion process into a supposedly semi-automated task, just like the Russian Fatboy Ransomware. Unlike the Fatboy Ransomware, the Rans0mlocked Ransomware's authors are giving out limited information to the users they attack, which may make the ransoming process seem less intimidating to the victim. Whether it's a deliberately invoked strategy or a side effect of their campaign's priorities, the Rans0mlocked Ransomware offers a 'simple' decryption solution with a non-negligible chance of being fraudulent.
While the Rans0mlocked Ransomware is only targeting English speakers, its means of distribution aren't yet verifiable. Examples of expected exploits include corrupted website scripts, e-mail attachments, and, in a small minority of attacks, bundling with other downloads. Although anti-malware products don't include decryption services, they can block and delete the Rans0mlocked Ransomware infections before the encryption occurs. Otherwise, malware analysts emphasize the value of a rigorous backup strategy.
By the standards of its kind, the Rans0mlocked Ransomware is a 'short and sweet' idea of a file-encrypting Trojan. Whether the responsible party waxes verbose or limits himself to the bare minimum in demands, the damage to your files will usually be the same either way.