A ransomware with “extra powers” was discovered by experts from BlackBerry Threat Intelligence and revealed on Wednesday (16). This is LokiLocker, which goes beyond encrypting data on infected devices.
According to the company’s security team, this new ransomware can remove all data from the computer. This happens if the owner of the machine doesn’t pay up after the disk has been encrypted and the cybercriminals have demanded a ransom.
The threat was first detected in August last year and was named after the Norse mythological god Loki. An enemy of the other gods, he is known for his trickery and ability to change shape, which allows him to enter places uninvited to demand what is not his, a behavior similar to that of malware.

Regarding the origins of the LokiLocker ransomware, the researchers observed that the debugging strings are in English and without the spelling mistakes common to malicious agents created by Russians and Chinese. Some tools attributed to the Iranian cracker team AccountCrack were also discovered.
No antidote yet
The ransomware discovered by BlackBerry targets Windows computers and uses a relatively rare code obfuscation technique to make it difficult for security tools to detect. It offers a configuration file that accepts different instructions from the attackers.
File encryption usually starts with the “Favorites” and “Recent” directories and can go through all the PC’s local drives, depending on the attacker’s instructions. The malware also includes a network scanning mechanism, making it possible to encrypt network shares.
Experts point out that there is currently no free tool to decrypt files hijacked by LokiLocker. Prevention is the best way to protect yourself: make backups of important files, avoid clicking on suspicious links and be careful with downloads from unknown sites.
Via Tecmundo







