Takahiro Locker Ransomware
Threat Scorecard
Threat Level: 100% (High)
Infected Computers: 4
First Seen: October 19, 2016
Last Seen: January 9, 2019
OS(es) Affected: Windows
Computer users have reported various attacks by the Takahiro Locker Ransomware and are often puzzled about the nature of these attacks because the ransom note is written in Japanese. The Takahiro Locker Ransomware does not exclusively affect computer users in Japan, although targeting them is obviously its goal. It encrypts a particularly small set of file types, although these are file types that have value to the victim.
The Takahiro Locker Ransomware's Name is Based on a Real Person
The Takahiro Locker Ransomware encrypts the victim's files and then demands a substantial ransom of three BitCoins, which is on average about $1900 USD at the current exchange rate. It is specifically designed to encrypt documents, pictures, and media files, and then delivers a ransom note written in Japanese. It is commonly distributed through corrupted email attachments and other common threat delivery methods. If your computer becomes infected with the Takahiro Locker Ransomware, PC security researchers strongly advise against paying the ransom and recommend restoring the compromised files from a backup copy instead.
Unfolding the Takahiro Locker Ransomware Attack and Infection Process
The Takahiro Locker Ransomware is delivered in an EXE file, an executable file that contains the Takahiro Locker Ransomware's payload. There are numerous ways in which this executable file may be delivered to victims, the most common being the use of corrupted file attachments. Spam email messages containing a misleading message and an attachment disguised as an invoice or another type of document are a common threat delivery method that has been associated with the Takahiro Locker Ransomware and countless similar threats.
The Takahiro Locker Ransomware takes its name from the name displayed on its lock screen and ransom note. It specifically targets Japanese speakers, although infections have appeared all over the world. Popular security programs currently in use detect the Takahiro Locker Ransomware under the following names:
Trojan.Win32.Scar.nzln (Kaspersky)
Trojan.GenericKD.3222895 (BitDefender)
W32/Scar.NZLN!tr (Fortinet)
Ransom_TAKALOCKER.A (TrendMicro)
The Takahiro Locker Ransomware delivers its payload and creates the following directory (which is clearly designed to mislead the victim by making it appear as if the files belong to the Google Chrome Web browser):
%User Temp%\Google\Chrome
The Takahiro Locker Ransomware's executable file is named 'Update.exe,' and looks like a Web browser update. The following is a translation of the Takahiro Locker Ransomware's ransom note:
Hello,
this is Tang, a Lawyer.
You have made an illegal file transfer, so I have locked your PC.
To unlock your files, you need to pay 3 Bitcoins within 3 days.
You need to have 30,000 Japanese Yen, to transfer them to Bitcoins and send them to me.
If you don't pay within 3 days, the key for decryption will be deleted from where the server is stored and the data of your PC can no longer be returned.
Click the button “Next”.
The Takahiro Locker Ransomware is designed to encrypt the following file types:
.txt, .jpg, .png, .bmp, .zip, .rar, .torrent, .7z, .sql, .pdf, .tar, .mp3, .mp4, .flv, .lnk, .html, .php
This is a remarkably short list compared to other ransomware Trojans currently active; PC security analysts have observed similar threats that target dozens of different file types. However, the file types above are probably enough to cause a headache for most computer users. The targeting of HTML and PHP files, in particular, makes the Takahiro Locker Ransomware extremely irritating if it is used against a Web server of some sort. The Takahiro Locker Ransomware will delete the Shadow Volume Copies, preventing victims from recovering their files by using alternative recovery methods. One curious feature of the Takahiro Locker Ransomware is that it does not encrypt files in the following locations:
- Windows
- Steam
- Origin
- Program Files
- Recycle Bin
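As an added example (not part of the original write-up or of any vendor's tooling), the drop directory and file name reported above can be turned into a check over process-creation events. The `host` and `image` fields and the sample events are constructed, and treating any Update.exe below a temp folder's Google\Chrome directory as suspect is an assumption.

```python
import ntpath

# Indicators from the write-up: a Google\Chrome directory under the user's
# temp folder, and a payload named Update.exe.
DROP_DIR = ["google", "chrome"]
DROP_NAME = "update.exe"
# Assumption: the temp folder appears in logs as a "Temp"/"Tmp" component or
# as an unexpanded %TEMP%/%TMP% variable.
TEMP_NAMES = {"temp", "tmp", "%temp%", "%tmp%"}


def components(path):
    """Normalise a Windows path (slashes, '..', case, quotes) into components."""
    norm = ntpath.normpath(path.strip().strip('"'))
    return [part.lower() for part in norm.split("\\") if part]


def is_suspect_image(path):
    """True if path is Update.exe located below <temp>\\Google\\Chrome."""
    parts = components(path)
    if not parts or parts[-1] != DROP_NAME:
        return False
    dirs = parts[:-1]
    return any(
        dirs[i] in TEMP_NAMES and dirs[i + 1:i + 3] == DROP_DIR
        for i in range(len(dirs))
    )


def scan(events):
    """Return (host, image) for every process-creation event that matches."""
    return [(e["host"], e["image"]) for e in events if is_suspect_image(e["image"])]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"host": "ws-02", "image": r"C:\Users\aiko\AppData\Local\Temp\Google\Chrome\Update.exe"},
    {"host": "ws-03", "image": r"C:\Users\ken\AppData\Local\Temp\setup\Update.exe"},
    {"host": "ws-04", "image": "c:/users/mei/appdata/local/temp/x/../GOOGLE/chrome/UPDATE.EXE"},
    {"host": "ws-05", "image": r'"C:\Users\ryo\AppData\Local\Temp\Google\Chrome\notes.txt"'},
]

if __name__ == "__main__":
    for host, image in scan(SAMPLE_EVENTS):
        print(f"{host}: {image}")
```

Only ws-02 and ws-04 are flagged: the genuine Chrome binary, an unrelated Update.exe elsewhere in the temp folder, and a non-executable inside the decoy directory do not match.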