SNSLocker Ransomware
Posted: June 27, 2013
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 39 |
| First Seen: | June 27, 2013 |
| OS(es) Affected: | Windows |
The SNSLocker Ransomware is a Trojan that uses AES-256 encryption to lock the contents of its victim's hard drive. As is usually the case, these attacks include built-in ransom demands and an interface for transferring money to the SNSLocker Ransomware's administrators, who supposedly will give the victim a decryption solution. Since more consistent means of data protection are widely available, malware researchers see no justification for any actions other than removing the SNSLocker Ransomware by way of the usual anti-malware procedures.
Finding Your Hard Drive 'Safe' in Another Person's Locker
The SNSLocker Ransomware is a threat unrelated to DNS-Locker, although it may profit from that name's recognition. Instead of being adware, the SNSLocker Ransomware is a threatening file encryptor that uses data-rearranging algorithms to block local content. Although the SNSLocker Ransomware is a work in progress with many of its features incomplete, malware analysts did verify its capacity for leveraging AES-256 encryption, along with RSA-protected passwords. These attacks are meant to force the victim into a ransom payment process for undoing the damage to their data.
While malware experts took note of this threat using a relatively sophisticated payment procedure, that feature also mandates various environmental dependencies that could cause the Trojan to malfunction, in which case the user may see a .NET Framework error. If its installation and automatic Windows startup do succeed, the SNSLocker Ransomware contacts a Command & Control server and transfers identifying system information to it. After this 'handshake' and password generation, the SNSLocker Ransomware attacks the infected PC's files, as long as they fall within a range of over a hundred formats.
Attacked formats include text documents, images, music/audio, compressed archives, and various Microsoft software defaults. In addition to the encryption, the SNSLocker Ransomware may also divide larger files into one or more new ones, identifying them with its RSplited name tag. All encrypted content, whether split or not, receives a second text string: RSNSlocked. The affected data is locked and can only be opened after being decrypted.
Staying Calm Under the Toxicity of a New Encryptor's Attack
Although the SNSLocker Ransomware doesn't include independently-functioning desktop-locking features, its code does contain references to image-based ransom messages that may be delivered by changing the user's wallpaper. The instructions demand Bitcoin payments transferred through an included Web application, valued at roughly 300 USD. Its messages also threaten that any attempt to disinfect your PC could result in permanent data loss, albeit without any rational justification.
Paying con artists for recovering data is, at best, a risky transaction without any legal protections. PC users who are concerned about potential data loss should use multiple backups kept in high-security locations, such as password-protected cloud servers and detachable hard drives. Local Windows backups, while sometimes possible, are too frequently targeted by threats like the SNSLocker Ransomware to be a reliable means of recovering from its attacks.
Samples of the SNSLocker Ransomware have only recently been analyzed in depth, although malware experts have noted overall good detection rates from most major brands in the PC security sector. Using standard security procedures to reboot your PC safely and then deleting the SNSLocker Ransomware with an anti-malware product is still the most efficient solution to an infection. Most importantly, for all but the most careless of PC owners, the point of paying for a decryptor is made irrelevant by using free ways to protect your files.
Technical Details
File System Modifications
The following files were created in the system:
file.exe
File name: file.exe
Size: 650.24 KB (650240 bytes)
MD5: c3cd8168f96e89998cab52b436c24b7d
Detection count: 29
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 19, 2016
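A triage sketch for the indicators this page lists, added here as an example and not taken from the original analysis: it walks a directory tree, reports file names carrying the RSNSlocked or RSplited tag, and flags any file whose size and MD5 match the file.exe entry above. It assumes the tags appear as substrings of the file name (the page does not say where they are placed); the file names used in demo() are constructed.

```python
import hashlib
import os
import tempfile

# Indicators as listed on this page.
MARKERS = ("RSNSlocked", "RSplited")
DROPPER_MD5 = "c3cd8168f96e89998cab52b436c24b7d"
DROPPER_SIZE = 650240  # bytes; lets us skip hashing files of any other size


def md5_of(path, chunk=1 << 20):  # chunked read keeps memory use flat
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def triage(root):
    """Return {marker: [paths], "md5_match": [paths]} for the tree under root."""
    report = {key: [] for key in MARKERS + ("md5_match",)}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Assumption: the tag is a substring of the file name.
            for m in MARKERS:
                if m in name:
                    report[m].append(path)
            try:
                if os.path.getsize(path) == DROPPER_SIZE and md5_of(path) == DROPPER_MD5:
                    report["md5_match"].append(path)
            except OSError:
                continue  # unreadable or vanished file: skip it, keep scanning
    return report


def demo():
    """Run triage over a constructed tree; these file names are invented."""
    names = ("report.docx.RSNSlocked", "video.avi.RSplited.RSNSlocked", "notes.txt")
    with tempfile.TemporaryDirectory() as root:
        for name in names:
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"constructed sample")
        found = triage(root)
        return {k: sorted(os.path.basename(p) for p in v) for k, v in found.items()}


if __name__ == "__main__":
    print(demo())
```

A marker hit inventories damaged data, while an MD5 hit points at the executable itself; run it against a mounted image or from a clean boot environment rather than the live infected session.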