KnowBe4 Intercepts Locker Ransomware

According to KnowBe4 a security company, IT managers should be wary of one fresh ransomware program known as Locker which remains silent on contaminated PCs till the time the program's controllers activate it, published SCMagazine.com dated May 27, 2015.

KnowBe4's CEO and Founder Stu Sjouwerman stated that considering what massive number of end-users from all over the world had been indicating about infections, it was possible that cyber-criminals had contaminated people since many months prior to activating the malicious program. SCMagazine.com reported this.

According to Sjouwerman, he would guess that the people were probably contaminated since 2-3 months without knowing about it.

Experts said that the Locker ransom malware quietly played on victims' PCs till the 25th of May, 2015 midnight after which its operators activated it.

When in force, Locker would encrypt the infected PC's documents and files using apparently RSA encryption and while doing so, it wouldn't rename the file extensions. Hence, to know whether any file was encrypted, one required attempting at opening it when he would be alerted his file couldn't be used or was corrupt.

Once the data would get encrypted with Locker, the ransomware would erase all shadow volume documents followed with exhibiting Locker's interface. With the 'Locker' title given to the interface followed with one arbitrary version number to it, there was little significance of the number though for, the Locker screen would provide the details as to the manner in which the ransomware should be paid, the victim's distinct bitcoin address whereto payment must be sent, the encrypted files' names along with one page for verifying the payment's status.

According to KnowBe4, the ransom demanded is comparatively small in the case of Locker, some 0.1 bitcoin that presently amounts to $23.75. Since the majority of ransomware assaults ask for $500 as ransom payment, it's suggestive of Locker as being created for making it simpler for a greater number of victims to make their payment.

Hitherto, Locker understandably has proliferated via exploit kits while hijacking Minecraft installers that gamers pull down from the Web, but Sjouwerman thinks it would shortly get served via phishing assaults.

» SPAMfighter News - 6/8/2015