
SnakeLocker Ransomware

Posted: July 24, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 49
First Seen: July 24, 2017
OS(es) Affected: Windows

The SnakeLocker Ransomware is a Trojan that blocks your files and then demands a ransom to restore them. The most direct defense against its encryption attacks is a secure backup made before an infection, although free decryption solutions are sometimes available to the public. Malware experts recommend backing up your files to remote devices and using anti-malware products to remove the SnakeLocker Ransomware from your computer safely.

Misdeeds are Slithering Up to Your Screen

While a majority of file-encoding threats are either members of a rental-based Trojan family or owe their creation to old code, not every Trojan has a highly traceable ancestry. Among the independents that malware experts are examining in late July, the SnakeLocker Ransomware is one of many that show all the usual features of data-encoding families like Hidden Tear. Although the SnakeLocker Ransomware does create easy-to-see symptoms, by the time it does so, the victim's media is already being locked.

Although it's very new, malware researchers have already confirmed two versions of the SnakeLocker Ransomware circulating in the wild. These variants differ primarily in some cosmetic symptoms and otherwise launch all of the same attacks detailed below:

  • The SnakeLocker Ransomware blocks files on the infected PC with an encryption algorithm that is not yet identified but is most likely AES-based. Content that's encoded and locked can include documents, archives, Web pages, pictures and other media.
  • Depending on which version of the threat is attacking, the names of your files also may have new '.snake' or '.TGIF' extensions that the SnakeLocker Ransomware appends to them automatically.
  • Either variation of the SnakeLocker Ransomware drops a similar ransom note in a Web page-based format, to give the victim its ransom demands. The SnakeLocker Ransomware asks for 0.1 Bitcoin to decrypt and unlock your media, with the choice of a cryptocurrency preventing you from getting a refund if the threat actor goes back on his word.

Exterminating a Trojan Before Its Poison Spreads

The SnakeLocker Ransomware might owe its brand name to its author's preferred programming language: Python, the same platform that old threats like PyCL Ransomware also abuse. Although this choice could give the SnakeLocker Ransomware some minor protection from heuristics-based threat detection, it does nothing to enhance its encryption or to weaken the means by which victims can defend themselves against it. Having backups is always the favored solution for reversing all damage from an encryption attack, whether you install the SnakeLocker Ransomware accidentally or another threat actor runs it after compromising your PC.

Threat actors usually disguise Trojans like the SnakeLocker Ransomware as non-threatening e-mail attachments, free software downloads, or even browser-delivered software updates. Use software with anti-malware features to identify and remove the SnakeLocker Ransomware before it installs itself, or to quarantine it afterward. Because of the high risk of the SnakeLocker Ransomware deleting local backups, any data copies meant for recovery are safest on peripheral devices or cloud storage servers.

While malware researchers have been unable to confirm the infection methods for the SnakeLocker Ransomware's campaign, its Web presence in multiple editions already demonstrates its author's work ethic. Anyone without similar diligence in preserving the valuable contents of their hard drives may find themselves at the sharp end of an extortion tactic.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: file.exe
Size: 5.42 MB (5422249 bytes)
MD5: 7602f5d19df01ea70f957e23837024a8
Detection count: 99
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: July 27, 2017

File name: file.exe
Size: 5.46 MB (5468348 bytes)
MD5: f3fbc6000cfb7371623acd54efe853cb
Detection count: 0
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: July 27, 2017
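
The appended extensions and the two sample records listed on this page can be turned into a quick triage sweep of a directory tree. The following is an added example, not part of the original write-up: the function names are hypothetical, the indicator values are copied from this page, and an MD5 match identifies only those two exact builds.

```python
import hashlib
import os
import sys

# Indicators copied from this page.
LOCKED_EXTENSIONS = {".snake", ".tgif"}   # compared case-insensitively
SAMPLES = {                                # size in bytes -> MD5 of listed sample
    5422249: "7602f5d19df01ea70f957e23837024a8",
    5468348: "f3fbc6000cfb7371623acd54efe853cb",
}

def md5_of(path, chunk_size=1 << 20):
    """Hash in chunks so multi-megabyte binaries are never loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def sweep(root, samples=SAMPLES):
    """Return (renamed_files, sample_matches) found under root."""
    renamed, matches = [], []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                if os.path.splitext(name)[1].lower() in LOCKED_EXTENSIONS:
                    renamed.append(path)
                    continue
                # Cheap pre-filter: hash only files whose size equals a listed
                # sample size, so a renamed copy of the binary is still caught
                # without hashing the whole disk.
                expected = samples.get(os.path.getsize(path))
                if expected and md5_of(path) == expected:
                    matches.append(path)
            except OSError:
                continue  # unreadable or vanished file: keep sweeping
    return sorted(renamed), sorted(matches)

if __name__ == "__main__":
    renamed, matches = sweep(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path in matches:
        print("SAMPLE MATCH  ", path)
    for path in renamed:
        print("RENAMED FILE  ", path)
    print(f"{len(matches)} sample match(es), {len(renamed)} renamed file(s)")
```

Run it against a user profile or file share from a clean session; the list of renamed files also shows which folders need restoring from backup.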