Relock Ransomware Description
The Relock Ransomware is an update to the AES-Matrix Ransomware that changes the types of media the Trojan locks through encryption, in addition to creating text documents demanding payment for the unlocker. Users can block localized attacks by file-locking threats with secure backups to keep their digital media safe, as well as appropriate security precautions for avoiding the most well-known infection exploits. If the Trojan already has breached your PC's defenses successfully, many anti-malware products also may uninstall the Relock Ransomware.
Going Back to the Matrix Again
Retooling the attacks of a previously-known threat does put a con artist's campaign at risk of being identified by various brands of AV software easily, but also saves extensively on the work effort required for any given payload. What the newest Relock Ransomware loses in obfuscation may not be a problem necessarily, thanks to its relatively meager rates for detection by AV databases. In the meantime, this variation of the old AES-Matrix Ransomware still locks files but chooses different types of information to harm.
Early estimates place the Relock Ransomware's campaign as being active in Russian-oriented sectors particularly, although malware experts can't yet verify whether or not the Relock Ransomware is using the RIG Exploit Kit or other models of distribution. Since its executable is utilizing semi-randomized names, it most likely is not installed directly by the user, although a disguised download could use another threat, such as Zlob, as a 'go-between' that installs this Trojan.
The Relock Ransomware blocks the user from opening various formats of data by targeting each file with its encryption feature individually and may include network-accessible drives. Unlike the AES-Matrix Ransomware, the Relock Ransomware limits this function to encoding and blocking compressed archives and text documents. There may or may not be new extensions appended for determining which files are encoded visibly; some sources are reporting of variants of the AES-Matrix adding '.matrix' tags, although malware experts confirmed otherwise with their samples.
Rejecting a Trojan's Reality
The Relock Ransomware retains the signature feature of the AES-Matrix Ransomware: a ransom note that uses an RTF format, instead of TXT, HTML or HTA, all of which are more common alternatives. While its threat actors are using a slightly different set of instructions from those of the past Trojan, the document remains borrowed from other sources primarily, only with new e-mail addresses for negotiating and paying the ransom. Due to the suspect nature of these transactions, malware experts suggest trying other recovery possibilities and leaving ransoms for a final solution only to reserve in desperate circumstances.
Only one-quarter of all notable AV vendors are identifying the Relock Ransomware accurately, although the Trojan's campaign still is young. Updating your security software routinely can improve their odds of detecting new Trojans and decrease the chances of false-positives (the inaccurate detection of a safe file as being unsafe). Along with the use of anti-malware products for disabling or deleting the Relock Ransomware, users also may want to copy their media to protected locations that this Trojan can't damage.
To an extent, PC owners have no one other than themselves to blame for the profits that Trojans like the Relock Ransomware can create with not much work. When something as easy as backing up your files can save you hundreds of dollars or tens of thousands of rubles, no excuse is sufficient to put it off.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Relock Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
File System Modifications
The following files were created in the system:
file.exeFile name: file.exe
Size: 611.32 KB (611328 bytes)
Detection count: 53
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: November 6, 2017