Wholocked Ransomware

Posted: July 9, 2020

The Wholocked Ransomware is a file-locking Trojan that can take your digital media files hostage by encrypting them. Its symptoms include hijacking the user's desktop wallpaper, creating text ransom notes, and tagging the names of files with 'wholocked' extensions. As always, users should have backups secured for their recovery needs and delegate the removal of the Wholocked Ransomware to trusted anti-malware products.

Who Locked those Files? Probably, a Fake Document

Independent versions of file-locking Trojans and smaller families are a minority of such campaigns. Nonetheless, their capacity for havoc stands up to giants like Hidden Tear and the Scarab Ransomware on equal footing. The encryption attacks of the recently-confirmed, lone wolf-style Trojan, the Wholocked Ransomware, are similar to others in the same threat category. Unlike most of them, the Wholocked Ransomware's campaign leaves hints of its distribution exploits. This breadcrumb trail may prevent users from infecting their computers, assuming that they adapt to the warning responsibly.

The Wholocked Ransomware is a Windows-compatible program that uses encryption to block files, with media formats like documents being at high risk. Most other symptoms of the Wholocked Ransomware infections keep to the traditions that malware experts see elsewhere in these Trojans. The Trojan appends 'wholocked' extensions to file names, drops TXT ransom notes that ask for Bitcoins, and swaps the user's desktop wallpaper for a warning message. Other elements of the Wholocked Ransomware suggest that the campaign is attacking victims in Europe.

The Wholocked Ransomware references Euros, rather than US dollars, in its messages, which offers a general clue of its geographical operating range. More specifically than that, malware analysts also are catching versions of the Trojan that use the German spelling of the word 'document,' AKA, 'dokument.' If this isn't a coincidence, this choice makes the Wholocked Ransomware a direct competitor with the Crimson Ransomware, although, hopefully, minus that Trojan's pairing with a RAT.

Keeping Data-Endangering Documents Closed

Most file-locking Trojans' attacks are very preventable, assuming that users aren't entirely ignorant of basic security protocols. Windows users should always be careful of opening documents and other files from unverifiable sources, such as unexpected e-mails or torrents. Malware experts also encourage installing software security updates and turning off macros, which can close off the vulnerabilities that corrupted documents rely on.

The archetypal tactics in file-locking Trojans' campaigns mostly rely on workplace-themed lures. Criminals may disguise their Trojan droppers as invoices, package notifications or resume submissions. Although most attacks involve direct attachments, there also are cases of obfuscated links or Web-hosted Exploit Kits being responsible for drive-by-downloads that could install these Trojans. Most users also should consider disabling Java, JavaScript and Flash while browsing the Web.

Because there isn't a free decryption service for the Wholocked Ransomware, users can only recover by risking the ransom or, preferably, by using a preexisting backup.
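For the backup route, it helps to scope the damage first. The following is an added example, not part of the original article: it inventories files carrying the 'wholocked' extension and checks which originals exist in a backup. It assumes the extension is appended as a `.wholocked` suffix after the full original name and that the backup mirrors the live directory layout; the function names are hypothetical.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumption: the Trojan appends ".wholocked" after the original file name.
LOCKED_SUFFIX = ".wholocked"


def build_restore_plan(root, backup_root):
    """Map each locked file under root to its original path and backup status."""
    plan = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(LOCKED_SUFFIX):
                continue  # untouched file, or a ransom note / other artifact
            original = name[: -len(LOCKED_SUFFIX)]
            rel = Path(dirpath, original).relative_to(root)
            plan.append({
                "locked": Path(dirpath, name).relative_to(root).as_posix(),
                "original": rel.as_posix(),
                "type": rel.suffix.lower() or "(none)",
                "in_backup": (Path(backup_root) / rel).is_file(),
            })
    return sorted(plan, key=lambda entry: entry["locked"])


def summarize(plan):
    """Count locked files per original type; list originals with no backup copy."""
    by_type = Counter(entry["type"] for entry in plan)
    missing = [entry["original"] for entry in plan if not entry["in_backup"]]
    return dict(by_type), missing


def demo():
    """Constructed sample tree: two locked files, only one present in the backup."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        (live / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        (live / "docs" / "report.docx.wholocked").write_bytes(b"x")
        (live / "docs" / "photo.jpg.WHOLOCKED").write_bytes(b"x")
        (live / "docs" / "notes.txt").write_bytes(b"untouched")
        (backup / "docs" / "report.docx").write_bytes(b"clean copy")
        return summarize(build_restore_plan(live, backup))


if __name__ == "__main__":
    print(demo())
```

Run it against a copy or a read-only mount of the affected volume, after the Trojan itself has been removed, so the inventory does not change underneath you.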

What little the Wholocked Ransomware has to say before its ransom demands might not seem like much, but these clues can stop further attacks before they start. Those who heed the warning will make off far better than those who ignore it, especially if there are no backups on hand.