iLock Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Ranking: | 16,964 |
Threat Level: | 80 % (High) |
Infected Computers: | 7,462 |
First Seen: | January 10, 2017 |
Last Seen: | August 23, 2023 |
OS(es) Affected: | Windows |
PC security analysts have observed attacks involving the iLock Ransomware in January 2017. The first versions of the iLock Ransomware were observed in March 2016 carrying attacks in the wild, often with variants possessing different names. Earlier variants of the iLock Ransomware seemed to target computer users in Russian-speaking locations only. This is the opposite of many ransomware Trojans that are designed to avoid attacking computers where the Russian language is set as the default system language. This newer version of the iLock Ransomware, released in January 2017, includes English and Russian versions of the ransom note, named 'WARNING OPEN-ME.txt' and 'ВНИМАНИЕ_ОТКРОЙТЕ-МЕНЯ.txt.' The iLock Ransomware uses a strong encryption method that prevents computer users from recovering their files after they have been encrypted.
Table of Contents
Russian PC Users are the Main Target of the iLock Ransomware Infection
Even though the iLock Ransomware seems to target Russian-speakers, it is likely that the iLock Ransomware will pop up in other countries. The iLock Ransomware's code does not include language specific content that could be used to determine the origin of this threat infection. The people responsible for the iLock Ransomware attack have been effective in hiding their origin, hosting the iLock Ransomware's Command and Control servers on the TOR network, which allows them complete anonymity. It is clear that the people responsible for the iLock Ransomware attack are experienced, and there is an organized effort to distribute the iLock Ransomware and carry out these attacks. This differs from many ransomware Trojans that may be the work of amateur coders or inexperienced con artists who will hire the services of a RaaS (Ransomware as a Service) provider.
How the iLock Ransomware Carries out Its Attack
The main purpose of threats like the iLock Ransomware is to encrypt the victims' files. The iLock Ransomware does this so as to demand the payment of a ransom from the victim. After infiltrating the victim's computer, the iLock Ransomware uses the AES-256 encryption to encrypt the victim's data, making it completely impossible to access the encrypted files. The iLock Ransomware will encrypt files on all local drives, as well as on shared network folders and removable memory devices connected to the infected computer. The iLock Ransomware avoids system folders, allowing the iLock Ransomware to take the victim's files hostage but preserving the Windows' functionality. The iLock Ransomware and similar ransomware Trojans maintain the victim's operating system functional so that the victims can pay the ransom amount through the TOR browser.
How the iLock Ransomware and Similar Threats may be Distributed
The iLock Ransomware targets computers using the Windows operating system, and it is capable of infecting versions of Windows ranging from Windows 7 to Windows 10. One of the reasons why threats like the iLock Ransomware are so successful is that even if the iLock Ransomware infection is removed with a reliable security program, the victim's files will remain infected and inaccessible. Individual computer users also may be neglectful when it comes to creating backups of their files, making these attacks especially effective against unprotected computer users. The iLock Ransomware may be distributed using corrupted email attachments contained in spam email messages. Because of this, the first way to protect your computer from an iLock Ransomware infection is to make sure that you have a good anti-spam filter and never open unsolicited email attachments.
Computer users should have backups of their files on an external memory device or the cloud. The ability to recover the affected files from a backup makes attacks like the iLock Ransomware completely ineffective. It is also crucial to have a reliable security program that is fully up-to-date. Having a real-time threat scanner active should intercept the iLock Ransomware infection before it causes too much damage, or will not allow it to be installed on the targeted computer. A combination of caution, backups, and anti-malware software should keep all computer users safe from threats like the iLock Ransomware.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.