YafunnLocker Ransomware
Posted: November 15, 2016
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 49 |
| First Seen: | November 15, 2016 |
|---|---|
| OS(es) Affected: | Windows |
The YafunnLocker Ransomware, also known by the alias of CryptoLuck, is a Trojan that blocks your files through an encryption technique and creates pop-ups to persuade you into paying a ransom. Paying these ransoms doesn't always give the victims their files back, and malware experts recommend investing in backups that can offer a reliable data recovery service. Outside of restoring your files by the usual methods, keeping anti-malware products for detecting and deleting the YafunnLocker Ransomware on sight is the most efficient way to preserve your saved data.
A Bright, Bold Trojan with the Same, Old Plan of Attack
PC users often are chided to avoid opening unsafe e-mail messages or click on corrupted links, but not every security problem is necessarily visible. One of the most harmful method malware experts see for distributing threats this year is the RIG Exploit Kit. This browser-exploiting package of scripts is responsible for installing Trojans like the Alcatraz Ransomware, the latest version of the Cerber Ransomware, and the new YafunnLocker Ransomware.
Vulnerable PCs not patched against security flaws in features like Flash or JavaScript may experience a compromise as soon as their Web browser loads an infected website. The asymptomatic drive-by-download installs the YafunnLocker Ransomware, after which, the Trojan begins scanning for media to encode. Once it's encrypted, a file will have its name changed with the addition of a new extension ('[A-F0-9]{8}_luck') and be incompatible with any associated programs.
Related symptoms malware experts verified from the YafunnLocker Ransomware include:
- The YafunnLocker Ransomware replaces the desktop wallpaper with a bright, red encryption warning-themed image.
- The YafunnLocker Ransomware creates a Notepad file that provides minor information on its attack and how to pay its ransom, most likely meant as a backup in case its final message (see below) fails to load.
- The YafunnLocker Ransomware also generates a pop-up in a matching red theme, containing a user interface on paying to get its decryption key.
Escaping a Countdown Towards Deletion
The YafunnLocker Ransomware places stress on victims to force payments through its inclusion of a timer component and threatens the permanent deletion of the decryption key at zero. Since even paying the ransom it demands has no guarantee of being able to decrypt anything, malware experts always encourage attempting any other data recovery options beforehand. They also haven't noted any additional attacks hard-coded in the Trojan that it links to its Web timer, which may be a bluff. Data restoration methods against file-encrypting Trojans often benefit from the availability of an uninfected backup.
Anti-malware products with browser-based threat monitors can block the RIG EK and similar attacks. You should treat deleting the YafunnLocker Ransomware as a separate process from any data recovery, which can require specialized decryption tools not yet available. However, you can provide samples to security researchers with public histories of decryption development and use traditional anti-malware products for removing the YafunnLocker Ransomware from your computer.
At the end of the day, for PC users who feel safe enough to keep no more than one copy of their files, threat actors like the YafunnLocker Ransomware's creator may be their greatest enemy.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.