
SNSLocker Ransomware

Posted: June 27, 2013

Threat Metric

Threat Level: 10/10
Infected PCs: 39
First Seen: June 27, 2013
OS(es) Affected: Windows


The SNSLocker Ransomware is a Trojan that uses AES-256 encryption to lock the contents of its victim's hard drive. As is usually the case, these attacks include built-in ransom demands and an interface for transferring money to the SNSLocker Ransomware's administrators, who supposedly will give the victim a decryption solution. Since more consistent means of data protection are widely available, malware researchers see no justification for any actions other than removing the SNSLocker Ransomware by way of the usual anti-malware procedures.

Finding Your Hard Drive 'Safe' in Another Person's Locker

The SNSLocker Ransomware is a threat unrelated to DNS-Locker, although it may profit from that name's recognition. Instead of being adware, the SNSLocker Ransomware is a threatening file encryptor that uses data-rearranging algorithms to block local content. Although the SNSLocker Ransomware is a work in progress with many of its features incomplete, malware analysts did verify its capacity for leveraging AES-256 encryption, along with RSA-protected passwords. These attacks are meant to force the victim into a ransom payment process for undoing the damage to their data.

While malware experts took note of this threat using a relatively sophisticated payment procedure, that feature also mandates various environmental dependencies that could cause the Trojan to malfunction, in which case the user may see a .NET Framework error. If its installation and automatic Windows startup do succeed, the SNSLocker Ransomware contacts a Command & Control server and transfers identifying system information to it. After this 'handshake' and password generation, the SNSLocker Ransomware attacks the infected PC's files, as long as they fall within a range of over a hundred formats.

Attacked formats include text documents, images, music/audio, compressed archives, and various Microsoft software defaults. In addition to the encryption, the SNSLocker Ransomware may also divide larger files into one or more new ones, identifying them with its RSplited name tag. All encrypted content, whether split or not, receives a second text string: RSNSlocked. The affected data is locked and can only be opened after being decrypted.

Staying Calm Under the Toxicity of a New Encryptor's Attack

Although the SNSLocker Ransomware doesn't include independently-functioning desktop-locking features, its code does contain references to image-based ransom messages that may be delivered by changing the user's wallpaper. The instructions demand Bitcoin payments transferred through an included Web application, valued at roughly 300 USD. Its messages also threaten that any attempt to disinfect your PC could result in permanent data loss, albeit without any rational justification.

Paying con artists for recovering data is, at best, a risky transaction without any legal protections. PC users who are concerned about potential data loss should use multiple backups kept in high-security locations, such as password-protected cloud servers and detachable hard drives. Local Windows backups, while sometimes possible, are too frequently targeted by threats like the SNSLocker Ransomware to be a reliable means of recovering from its attacks.

Samples of the SNSLocker Ransomware have only recently been analyzed in depth, although malware experts have noted overall good detection rates from most major brands in the PC security sector. Using standard security procedures to reboot your PC safely and then deleting the SNSLocker Ransomware with an anti-malware product is still the most efficient solution to an infection. Most importantly, for all but the most careless of PC owners, the point of paying for a decryptor is made irrelevant by using free ways to protect your files.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: file.exe
Size: 650.24 KB (650240 bytes)
MD5: c3cd8168f96e89998cab52b436c24b7d
Detection count: 29
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 19, 2016
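
The RSNSlocked and RSplited name tags and the MD5 listed above can be used to scope an infection before restoring from backup. The following Python script is an added example, not code from the original page; matching the tags anywhere in a file name and limiting the hash check to .exe files are assumptions.

```python
import hashlib
import os
import sys
from collections import Counter

# Name tags and sample hash as given on this page. Matching the tags anywhere in
# the file name, case-insensitively, is an assumption: the page does not say
# whether they are extensions or infixes.
MARKERS = ("rsnslocked", "rsplited")
SAMPLE_MD5 = "c3cd8168f96e89998cab52b436c24b7d"


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root, known_md5=SAMPLE_MD5):
    """Return (Counter of tagged files per directory, .exe paths matching known_md5)."""
    marked = Counter()
    sample_hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lowered = name.lower()
            if any(tag in lowered for tag in MARKERS):
                marked[dirpath] += 1  # file to restore from backup
            elif lowered.endswith(".exe"):
                try:
                    if md5_of(path) == known_md5:
                        sample_hits.append(path)
                except OSError:
                    continue  # unreadable file: skip it, keep sweeping
    return marked, sample_hits


if __name__ == "__main__":
    marked, hits = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for directory, count in marked.most_common():
        print(f"{count:6d} tagged file(s) in {directory}")
    for path in hits:
        print(f"sample MD5 match: {path}")
```

A single MD5 only matches the one analyzed sample, so an empty hash result does not rule out a different build; the per-directory counts show which folders need restoring.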