
VindowsLocker Ransomware

Posted: November 22, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 83
First Seen: November 22, 2016
OS(es) Affected: Windows

The VindowsLocker Ransomware is a Trojan that encodes your hard drive's contents with a cipher to prevent you from opening documents, pictures and other media. The predominant symptom of a VindowsLocker Ransomware infection is the ransom image it displays afterward for collecting money via a computer repair tactic. Until malware experts can confirm other details, they recommend protecting your PC with anti-malware solutions able to delete the VindowsLocker Ransomware before its attacks can launch.

A Sinister Version of Microsoft to the Rescue

While file-encrypting attacks give con artists an immediate, tangible degree of leverage over the computer users they attack, some threat actors try to tip the scales even further. One of the latest versions of Hidden Tear that malware analysts are examining, the VindowsLocker Ransomware includes social engineering tactics meant to provoke a panicked emotional response and, with it, submission to the ransom demand. As always, the decryption solution isn't automatic, and paying the VindowsLocker Ransomware's threat actors may be in vain.

The VindowsLocker Ransomware scans for files on the local machine based on their format types, including (but not necessarily limited to) PDF, DOC, PPT, XLS, TXT, JPG and PNG. When it finds any content of the above types, it encrypts that content using an AES algorithm with a generated key ranging from 128 to 256 bits in length. The VindowsLocker Ransomware uploads that key to a server or remote account, thus giving the threat actor a form of collateral to initiate extortion negotiations.

All of the above is what malware experts rate as standard behavior for any version of a Hidden Tear Trojan. What makes the VindowsLocker Ransomware unusual is the approach it uses with its ransom message, which claims that the file-encrypting Trojan is a variant of 'zeus' (a particularly infamous spyware program). The same text also declares that a 'level 5 microsoft [sic] support technician' will assist you with the data recovery at a premium of 349 USD.

Smiling Back at an Extortionist's Smirk on Your Monitor

The VindowsLocker Ransomware may very well be a joke program never meant for full release or deployment. Even in comparison to other Hidden Tear-based threats, many details of its ransom campaign are amateurish, such as its use of a phone number for communication purposes. Whether it's a serious threat or an intended gag, the VindowsLocker Ransomware includes all of the potentially data-destroying risks that you can see in any Hidden Tear Trojan.

Most PC users should try to remove the VindowsLocker Ransomware with appropriate anti-malware tools before attempting data recovery. For circumstances where the public decryption options for Hidden Tear are insufficient, malware experts recommend using backups less subject to being encoded by the VindowsLocker Ransomware, or other threatening software of the same kind. However, any local copies kept by Windows, by default, are not necessarily reliable.

The VindowsLocker Ransomware is a good case of how threat authors continue luring their targets after already succeeding in accomplishing most of their goals. Pausing to consider your situation and the source of the information you're reading is never a poor choice, but that's especially true for scenarios like a VindowsLocker Ransomware infection.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: file.exe
Size: 864.76 KB (864768 bytes)
MD5: 682f91e3ce769a6865ecd9f2b236e83a
Detection count: 27
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: November 22, 2016
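
The file details above can be used to sweep a directory tree for the same sample. The following is an added example, not code from this site or from any vendor tool: it filters by the listed size first and hashes only the candidates, and the names `sweep`, `md5_of`, `PAGE_MD5` and `PAGE_SIZE` are assumptions made for the illustration.

```python
import hashlib
import os

# Indicator values copied from the file listing on this page.
PAGE_MD5 = "682f91e3ce769a6865ecd9f2b236e83a"
PAGE_SIZE = 864768  # bytes


def md5_of(path, chunk_size=1 << 20):
    """Stream the file through MD5 so large files are never loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sweep(root, md5=PAGE_MD5, size=PAGE_SIZE):
    """Return (matches, unreadable) for files under root.

    The file name is ignored: a name like file.exe is trivially changed,
    so only size and hash are compared.
    """
    matches, unreadable = [], []
    on_error = lambda err: unreadable.append(str(err.filename))
    for folder, _dirs, names in os.walk(root, onerror=on_error):
        for name in names:
            path = os.path.join(folder, name)
            try:
                # Cheap size check first; hash only the candidates.
                if os.path.islink(path) or os.path.getsize(path) != size:
                    continue
                if md5_of(path) == md5.lower():
                    matches.append(path)
            except OSError:
                unreadable.append(path)  # locked or permission-denied file
    return sorted(matches), sorted(unreadable)


if __name__ == "__main__":
    import sys
    hits, skipped = sweep(sys.argv[1] if len(sys.argv) > 1 else ".")
    for hit in hits:
        print("MATCH", hit)
    print(f"{len(hits)} match(es), {len(skipped)} unreadable path(s)")
```

A hash match identifies only this exact file; a rebuilt or repacked copy will have a different MD5, so an empty result does not rule out infection.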