ABCLocker Ransomware
Threat Scorecard
Ranking: 17,013
Threat Level: 50% (Medium)
Infected Computers: 168
First Seen: July 27, 2017
Last Seen: August 30, 2023
OS(es) Affected: Windows
The ABCLocker Ransomware is an encryption ransomware Trojan that was first observed on July 27, 2017. The ABCLocker Ransomware behaves very similarly to other ransomware Trojans released close to that date: the Matroska Ransomware and the Mole03 Ransomware. There is very little to differentiate the ABCLocker Ransomware from these or from the countless other encryption ransomware Trojans that are currently active. They all have the same basic goal: encrypt the victim's files and then demand a ransom payment in exchange for the decryption key necessary for recovering the affected files.
Prevention is the Key to Avoid the ABCLocker Ransomware Trojan
The ABCLocker Ransomware may be delivered to the victim using spam email attachments. This is a typical way of delivering encryption ransomware Trojans. Victims receive an email message with an attached Microsoft Word document. This document uses malicious macros to download and install the ABCLocker Ransomware onto the victim's computer. Consequently, the best protection against the ABCLocker Ransomware is to handle spam email messages correctly and to prevent macros from running automatically in Microsoft Word. Once the ABCLocker Ransomware is installed on the infected computer, it begins encrypting the victim's data.
How the ABCLocker Ransomware Carries out Its Attack
The ABCLocker Ransomware connects to Command and Control servers on the TOR network. The ABCLocker Ransomware's attack is typical of these infections: the ABCLocker Ransomware encrypts the victim's files using a strong encryption algorithm and then demands a ransom payment from the victim in exchange for the decryption key. In its attack, the ABCLocker Ransomware will encrypt a wide variety of file types, including the following:
.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
Once the ABCLocker Ransomware encrypts a file, it is no longer readable and appears as a blank icon in Windows Explorer. The ABCLocker Ransomware does not mark the affected files in any other way (unlike other ransomware Trojans, which add a new file extension to the encrypted files). Apart from the encryption process, the ABCLocker Ransomware also deletes the Shadow Volume copies of affected files and the System Restore points, making it impossible for computer users to recover their data using these alternate means.
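Because encrypted files keep their original names, affected files cannot be found by searching for a new extension when deciding what to restore from backup. The following is an added example, not code from this page or from EnigmaSoft: it flags files whose leading bytes no longer match the signature expected for their extension and whose content looks random. The signature table covers only some of the listed formats, and the function names, the 7.5 bits-per-byte threshold and the sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Leading "magic" bytes for a few of the formats in the list above.
MAGIC = {
    ".pdf": (b"%PDF-",), ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",), ".gif": (b"GIF87a", b"GIF89a"),
    ".zip": (b"PK\x03\x04", b"PK\x05\x06"), ".docx": (b"PK\x03\x04",),
    ".xlsx": (b"PK\x03\x04",), ".pptx": (b"PK\x03\x04",), ".gz": (b"\x1f\x8b",),
    ".7z": (b"7z\xbc\xaf\x27\x1c",), ".rar": (b"Rar!\x1a\x07",), ".sqlite": (b"SQLite format 3\x00",),
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for encrypted data, lower for structured data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(path: str, sample: int = 65536, threshold: float = 7.5) -> str:
    """Return 'ok', 'likely-encrypted', 'mismatch' or 'unknown' (no signature listed)."""
    sigs = MAGIC.get(os.path.splitext(path)[1].lower())
    if sigs is None:
        return "unknown"
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if head.startswith(sigs):
        return "ok"
    return "likely-encrypted" if shannon_entropy(head) >= threshold else "mismatch"

def triage(root: str) -> dict:
    """Walk root and map each relative file path to its verdict."""
    results = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            results[os.path.relpath(full, root)] = classify(full)
    return results

def demo() -> dict:
    """Constructed sample tree; random bytes stand in for an encrypted PNG."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "report.pdf").write_bytes(b"%PDF-1.4\n" + b"constructed sample\n" * 50)
        Path(root, "photo.png").write_bytes(os.urandom(8192))
        Path(root, "notes.txt").write_bytes(b"plain text has no fixed header\n")
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

Formats without a fixed header, such as .txt or .csv, come back as "unknown" and need a different check, for example comparison against backup hashes.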
Dealing with the ABCLocker Ransomware
After the ABCLocker Ransomware attack, victims of the infection are asked to contact its perpetrators via email and pay 0.5 BTC for the decryption application. The people responsible for the ABCLocker Ransomware use the email address 'abchelper@sigaint.org'. PC security analysts strongly advise computer users against doing this. Contacting the people responsible for these attacks is rarely a good idea; they may ignore any ransom payments, demand more money, or specifically target the victim in future attacks. Instead of paying, it is important to have protective measures in place against the ABCLocker Ransomware and other encryption ransomware Trojans. The best of these is to keep file backups on a removable storage device or in the cloud. Being able to replace the compromised files from a backup means that the people responsible for the ABCLocker Ransomware attack no longer have leverage over the victim; there is no need to pay the ransom, since the files affected by the attack can be replaced easily. Apart from backups, a reliable security application and a good anti-spam filter help prevent ABCLocker Ransomware infections.