
WickedLocker Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 20
First Seen: November 14, 2016
Last Seen: April 14, 2022
OS(es) Affected: Windows

PC security analysts have received reports of attacks involving the WickedLocker Ransomware. After analyzing it, PC security researchers have concluded that the WickedLocker Ransomware is one of the many variants of the Hidden Tear ransomware project currently in distribution. Hidden Tear, which was released in August of 2015, was created as an 'educational ransomware' and was initially uploaded to GitHub. Con artists quickly adapted this publicly available threat into a variety of ransomware Trojans, including the WickedLocker Ransomware, which was released more than a year later. The WickedLocker Ransomware uses AES-256 encryption to take the victim's files hostage, encrypting them and making them inaccessible. It demands payment of 1 BitCoin, or $700 USD at the current exchange rate, which victims must pay if they want to receive the decryption key necessary to recover the compromised files.

Counteracting the WickedLocker Ransomware Attack

The WickedLocker Ransomware's attack is not different from that of most ransomware Trojans currently active in the wild. In fact, there is very little about the WickedLocker Ransomware that is original, with numerous variants on the same theme being distributed almost simultaneously to overwhelm PC security researchers and security software. Like most ransomware Trojans that are currently active, the WickedLocker Ransomware is distributed through corrupted spam email attachments. These corrupted attachments exploit vulnerabilities in macro scripts to execute corrupted code on the victim's computer. The WickedLocker Ransomware scans the victim's computer in search of certain file types and encrypts them with its strong encryption algorithm to take them hostage. It is designed to encrypt the files that could hold value to victims, such as images, audio and video media, spreadsheets and other Office documents, and a variety of other file types. The WickedLocker Ransomware and its variants tend to target all files found in the following locations:

  • %UserProfile%\Desktop
  • %UserProfile%\Downloads
  • %UserProfile%\Documents
  • %UserProfile%\Pictures
  • %UserProfile%\Music
  • %UserProfile%\Videos

How the WickedLocker Ransomware Demands Its Ransom from Victims

The WickedLocker Ransomware uses common ransomware methods to demand payment from its victims. It changes the victim's Desktop image and displays a window named 'the WickedLocker,' which contains the ransom note. The new Desktop image shows the ransom message over a red background. The same message appears in the pop-up window, which also includes the option to decrypt the files after 1 BitCoin is transferred to the con artists' BitCoin wallet. Unlike other ransomware Trojans, the WickedLocker Ransomware does not mark the files it has encrypted with any special extension or prefix. In addition to the pop-up window and the Desktop image, the WickedLocker Ransomware delivers its ransom note in a text file. This text file is named 'READ_IT.txt' and contains the following text:

'Your personal files are locked.
To unlock your files and work normal you have to send 1 bitcoin to our wallet.
Send 1 BTC to address [random characters]'
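
Because the encrypted files keep their original names, triage has to rely on the 'READ_IT.txt' note and on file contents rather than on an extension. The following is an added example, not code from the original page: it sweeps the folders listed above for the note and for files whose leading bytes no longer match their extension. The function names, the signature table, the placement of the note on the Desktop and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Folder names from the list on this page, relative to %UserProfile%.
TARGET_DIRS = ["Desktop", "Downloads", "Documents", "Pictures", "Music", "Videos"]
NOTE_NAME = "read_it.txt"
NOTE_MARKER = "your personal files are locked"  # first line of the quoted note
# Well-known leading bytes for a few formats; extend for your environment.
MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff", ".pdf": b"%PDF-",
         ".png": b"\x89PNG\r\n\x1a\n", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}

def triage(profile_root):
    """Return (ransom_notes, header_mismatches) found in the targeted folders."""
    notes, mismatches = [], []
    for sub in TARGET_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(profile_root, sub)):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    with open(path, "rb") as fh:
                        head = fh.read(256)
                except OSError:
                    continue  # unreadable file: skip it, keep sweeping
                if name.lower() == NOTE_NAME:
                    if NOTE_MARKER in head.decode("utf-8", "replace").lower():
                        notes.append(path)
                    continue
                magic = MAGIC.get(os.path.splitext(name)[1].lower())
                # The extension is unchanged, so a wrong header is the signal.
                if magic and head and not head.startswith(magic):
                    mismatches.append(path)
    return sorted(notes), sorted(mismatches)

def build_sample(root):
    """Constructed sample profile: intact PNG, overwritten JPG, ransom note."""
    samples = {
        ("Pictures", "ok.png"): MAGIC[".png"] + b"\x00" * 16,
        ("Pictures", "holiday.jpg"): b"\x13\x37" * 32,  # stands in for ciphertext
        ("Desktop", "READ_IT.txt"): b"Your personal files are locked.\n"
                                    b"Send 1 BTC to address PLACEHOLDER\n",
    }
    for (sub, name), data in samples.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        with open(os.path.join(root, sub, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

A header mismatch only shows that a file's content no longer matches its extension, so confirm against backups before treating a file as encrypted.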

PC Security Researchers Advise not Paying the WickedLocker Ransomware’s Ransom

Computer users should refrain from paying the WickedLocker Ransomware's ransom. It is unlikely that the people responsible for the WickedLocker Ransomware will deliver the decryption key after the ransom is paid (they are just as likely to simply ignore the victim or to turn around and ask for more money). Preventive measures are important to ensure that you are well protected from attacks like the WickedLocker Ransomware. Setting up a strong backup system that allows you to recover your files will cost only a tiny fraction of the ransom that the people responsible for the WickedLocker Ransomware demand after the attack.
