Relock Ransomware

Posted: November 6, 2017
Threat Metric
Threat Level: 10/10
Infected PCs: 5

Relock Ransomware Description


The Relock Ransomware is an update to the AES-Matrix Ransomware that changes the types of media the Trojan locks through encryption, in addition to creating text documents demanding payment for the unlocker. Users can limit the damage from file-locking threats by keeping secure backups of their digital media and by taking appropriate security precautions against the most well-known infection exploits. If the Trojan has already breached your PC's defenses, many anti-malware products may also be able to uninstall the Relock Ransomware.

Going Back to the Matrix Again

Retooling the attacks of a previously known threat puts a con artist's campaign at risk of being identified easily by various brands of AV software, but it also saves extensively on the work required for any given payload. What the newest Relock Ransomware loses in obfuscation may not necessarily be a problem, thanks to its relatively meager detection rates in AV databases. In the meantime, this variation of the old AES-Matrix Ransomware still locks files but chooses different types of information to harm.

Early estimates place the Relock Ransomware's campaign as being active particularly in Russian-oriented sectors, although malware experts can't yet verify whether the Relock Ransomware is using the RIG Exploit Kit or other models of distribution. Since its executable uses semi-randomized names, it most likely is not installed directly by the user, although a disguised download could use another threat, such as Zlob, as a 'go-between' that installs this Trojan.

The Relock Ransomware blocks the user from opening various formats of data by targeting each file individually with its encryption feature, and may include network-accessible drives. Unlike the AES-Matrix Ransomware, the Relock Ransomware limits this function to encoding and blocking compressed archives and text documents. There may or may not be new extensions appended to visibly mark which files are encoded; some sources are reporting variants of the AES-Matrix adding '.matrix' tags, although malware experts confirmed otherwise with their samples.

Rejecting a Trojan's Reality

The Relock Ransomware retains the signature feature of the AES-Matrix Ransomware: a ransom note that uses an RTF format, instead of TXT, HTML or HTA, all of which are more common alternatives. While its threat actors are using a slightly different set of instructions from those of the past Trojan, the document remains primarily borrowed from other sources, only with new e-mail addresses for negotiating and paying the ransom. Due to the suspect nature of these transactions, malware experts suggest trying other recovery possibilities first and reserving ransom payment as a final solution for desperate circumstances only.

Only one-quarter of all notable AV vendors are identifying the Relock Ransomware accurately, although the Trojan's campaign is still young. Updating your security software routinely can improve its odds of detecting new Trojans and decrease the chances of false positives (the inaccurate detection of a safe file as being unsafe). Along with using anti-malware products to disable or delete the Relock Ransomware, users may also want to copy their media to protected locations that this Trojan can't damage.

To an extent, PC owners have no one other than themselves to blame for the profits that Trojans like the Relock Ransomware can create with little work. When something as easy as backing up your files can save you hundreds of dollars or tens of thousands of rubles, no excuse is sufficient to put it off.


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: file.exe
Size: 611.32 KB (611328 bytes)
MD5: c97075cf1f28b322da460adfd404310f
Detection count: 53
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: November 6, 2017
