Trident File Locker

Posted: March 23, 2017

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	8/10
Infected PCs:	73

First Seen:	March 27, 2017
Last Seen:	August 5, 2022
OS(es) Affected:	Windows

The Trident File Locker is a file-encrypting Trojan that can block your files and modify their names or extensions. Most con artists use threats of this category for delivering ransom demands for payment before they'll help decode your data, although such solutions are a high-risk inherently. Proven, mainstream defenses include backing up your hard drive regularly and letting anti-malware products analyze all infection vectors and remove the Trident File Locker before any attacks.

The Newest Weapon in Any Lawbreaker's Arsenal

A threat actor calling himself 'madD3SIR3' has created a new builder for a prospective family of file-encoding threats. For the time being, malware analysts are referring to the Trojan 'output' of this application as the Trident File Locker. Although the configurable features are limited, the Trident File Locker includes both encryption and extortionist note-dropping services. Con artists can use these attacks to lock various types of data on an infected PC and, then, extract payments for the decryptor.

The author madD3SIR3 is using GitHub hosting for his project, which may be rented out to third-party people or even given away for free. The means of proliferation is left up to the third-party, with examples of typical installation techniques including spam e-mails, brute-force RDP attacks, and EKs like the RIG Exploit Kit abusing Web-browsing vulnerabilities. The Trident File Locker's post-installation payload includes a feature for encrypting local files with a cipher that malware experts still are identifying. This attack can block the user from opening documents, pictures, and other content. Other functions in its latest samples include:

The Trident File Locker can encrypt an indeterminate number of extensions that are fully configurable by the threat actor operating its builder software. For example, one campaign could target only TXT or DOC files, while another could target hundred of other formats. In a meaningful contrast from most, similar threats that malware experts examine, it gives no options for filtering out files in particular locations such as the often-excluded Windows directory.
The Trident File Locker also creates a text file of a name chosen by the author (it provides 'Read_this_Allahuakbar' as a default), with its contents inputted into a small window in the builder. Most threat actors use these features for delivering ransoming messages to sell their decryption solutions, including either the actual decryptor or merely the code to use it.
Finally, the Trident File Locker also lets the threat actor determine its decryption password, which doesn't appear to have any variables generated dynamically. However, different releases of the Trident File Locker may use different passwords.

Dulling the Tips of a Weapon Aimed at Your Files

Since its installation methods are left up to the arbitrary individuals deploying it entirely, malware researchers can't confirm any, specific infection vector. However, they have yet to see any current attacks using this threat, whose development may be incomplete. Future attacks may use disguises such as targeted e-mail messages or fake extensions and icons that mislead you about a file's format. A threat actor also could install the Trident File Locker automatically, after gaining access to your PC via brute-forcing a weak login combination or visiting a compromised website that's hosting drive-by-download scripts.

Possessing a backup besides the standard SVC data stored in Windows (which file-encoding Trojans often delete) is a habit malware experts encourage for restricting how much harm that encryption can do to your computer especially. Since its attacks show little to no discrimination regarding of what locations they damage, the Trident File Locker's relative simplicity and sparsity of building options may make it even more threatening than sophisticated Trojans like the Crysis Ransomware.

Always update your anti-malware products to heighten their chances of deleting the Trident File Locker and other, new threats that may be avoiding old threat definitions. Although the Trident File Locker is a family of Trojans with very recent dating, diligent security standards can help cut off its branches before they can become headlines about undeserved profit margins.

Trident File Locker

Threat Metric

The Newest Weapon in Any Lawbreaker's Arsenal

Dulling the Tips of a Weapon Aimed at Your Files

Leave a Reply