Shootlock Ransomware
The Shootlock Ransomware is a file-locking Trojan that's a variant of the Makop Ransomware. The Shootlock Ransomware targets the user's files and prevents their opening through encryption, and sells its unlocking help afterward in a text note. Users should have backups in case of the unavailability of a decryptor and let their anti-malware solutions handle removing the Shootlock Ransomware.
Small Names in Big Data Crime
Threats like Hidden Tear, the Scarab Ransomware, and other hijacked proof-of-concept projects and hired RaaS businesses are, by the numbers, responsible for most file-locking attacks. Such statistics are, however, unhelpful for victims of lesser-known Trojans, which may lack the infamy of their competition but are equally problematic during infections. One of the smaller Trojan families, the Makop Ransomware, is proving itself viable as a danger to data, if not necessarily a money maker, through its offspring, the Shootlock Ransomware.
Although there are English and Turkish versions of the Makop Ransomware family, the Shootlock Ransomware belongs to the former, perhaps unsurprisingly, since that is already the more numerous half. After it establishes persistence through a Registry mutex, the Shootlock Ransomware launches attacks that are archetypal for most Ransomware-as-a-Services. Of these, malware researchers point out the following critical ones:
- The Shootlock Ransomware uses a standard set of encryption algorithms for encoding file data and blocking it. Targeted formats may range from text documents like Word's DOCs to audio, video, spreadsheets, images or archives.
- While blocking files, the Shootlock Ransomware also changes their names by inserting a bracketed serial, a separate bracketed e-mail for contacting the threat actor, and the 'shootlock' extension. Changing the filename back to 'normal' doesn't remove the encryption or make the file openable.
- The Shootlock Ransomware makes money off of this payload through its Notepad TXT file, which uses grammatically-questionable English in a question-and-answer format, like several other RaaSes. While malware experts don't encourage the paying of ransoms for an unlocker, the Shootlock Ransomware offers a free demonstration that might prove useful.
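A triage sketch for the renaming behaviour in the list above, added here as an example and not taken from the original article or from any vendor tool: it inventories renamed files from a path listing and recovers their original names. The exact name layout (`<original>.[serial].[e-mail].shootlock`), the function names and the sample paths are assumptions; the article states only which elements are added to the name.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumed layout: <original name>.[<serial>].[<e-mail>].shootlock
# The article states only that a bracketed serial, a bracketed e-mail and
# the 'shootlock' extension are added; order and separators are assumptions.
RENAMED = re.compile(
    r"^(?P<original>.+?)\.\[(?P<serial>[^\[\]@]+)\]"
    r"\.\[(?P<email>[^\[\]\s@]+@[^\[\]\s@]+)\]\.shootlock$",
    re.IGNORECASE,
)

def parse_renamed(path):
    """Return the parts of a renamed file, or None if the name is unaffected."""
    name = PureWindowsPath(path).name
    m = RENAMED.match(name)
    if m:
        return {"path": path, "status": "full", **m.groupdict()}
    if name.lower().endswith(".shootlock"):
        # Extension present but brackets missing: keep it for manual review.
        return {"path": path, "status": "extension-only", "serial": None,
                "email": None, "original": name[:-len(".shootlock")]}
    return None

def triage(paths):
    """Summarise affected files: counts per folder, serials and e-mails seen."""
    hits = [h for h in map(parse_renamed, paths) if h]
    return {
        "affected": len(hits),
        "by_folder": Counter(str(PureWindowsPath(h["path"]).parent) for h in hits),
        "serials": sorted({h["serial"] for h in hits if h["serial"]}),
        "emails": sorted({h["email"] for h in hits if h["email"]}),
        "review": [h["path"] for h in hits if h["status"] == "extension-only"],
    }

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\a\Documents\budget.xlsx.[1A2B3C4D].[contact@example.invalid].shootlock",
    r"C:\Users\a\Documents\notes.docx.[1A2B3C4D].[contact@example.invalid].shootlock",
    r"C:\Users\a\Pictures\cat.jpg.[1A2B3C4D].[contact@example.invalid].SHOOTLOCK",
    r"C:\Users\a\Pictures\odd.png.shootlock",
    r"C:\Users\a\Desktop\shootlock-report.txt",
    r"C:\Users\a\Desktop\intact.pdf",
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The recovered `original` value is only the pre-infection name for matching against backups; as the list above notes, renaming a file back does not undo the encryption.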
A Bullet for a Trojan before It Shoots Your Files
While file-locker Trojans regularly lie about how secure their encryption routines are, fool-proof encryptors aren't a hard programming obstacle, either. In the Shootlock Ransomware's case, malware researchers currently see no viable path towards decryption and, therefore, towards unlocking any files for free. Victims taking the gamble of paying the ransom, however, may find themselves receiving no benefits for the expense, and no refund chances, thanks to the use of the Bitcoin cryptocurrency.
Windows users can protect themselves, and their media, from this threat through the standard methods that remain viable against nearly all kinds of Trojans, file-locking or otherwise. Disabling macros and installing software patches will remove many drive-by-download vulnerability opportunities. While browsing the Web, users should also turn off Flash, Java and JavaScript. A non-local backup is also favorable for recovering any data lost in a Trojan infection.
Small-time groups of Trojans may lack the publicity of an older, greater one, but they can be that much more unpredictable, as well. Predicting the infection strategies of a Trojan like the Shootlock Ransomware is as much art as it is science, although what that means for its ransom collections isn't known.