BrLock Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 80 % (High) |
| Infected Computers: | 71 |
| First Seen: | August 10, 2016 |
| Last Seen: | January 4, 2026 |
| OS(es) Affected: | Windows |
The BrLock Ransomware is a ransomware Trojan that is designed to take a computer hostage. PC security analysts first observed the BrLock Ransomware on April 18, 2016. Until very recently, the BrLock Ransomware had only targeted computer users in Russia. In fact, earlier versions of the BrLock Ransomware didn't even bother to ask for the ransom in species other than the Russian Ruble. The BrLock Ransomware's ransom was 1000 Rubles, approximately $15 USD. This is a particularly low ransom amount when compared to the ransoms demanded by ransomware Trojans active outside of Russia, which are in the $200 to $500 USD range. If the BrLock Ransomware has infected your computer, PC security analysts strongly recommend removing the BrLock Ransomware with the help of a security program immediately and refraining from paying the BrLock Ransomware's ransom.
Table of Contents
It is not Difficult to Recover the Control of a PC Infected with the BrLock Ransomware
Fortunately, the BrLock Ransomware is not an encryption ransomware. Rather, the BrLock Ransomware belongs to a much older category of ransomware, which simply blocks access to the victim's computer by displaying a lockscreen. The BrLock Ransomware does not encrypt or delete files on the victims' computers. The BrLock Ransomware merely prevents access to the infected computer through the use of a lockscreen. Computer users can recover access to their computers simply by using an alternate start-up method to access their machines. Once access has been restored, the removal of the BrLock Ransomware is a simple matter of using an anti-malware program that is fully up-to-date. Some ways to bypass the BrLock Ransomware's lockscreen include starting up Windows in Safe Mode, using an alternate boot method, or accessing the infected hard drive from a different operating system.
Dealing with the BrLock Ransomware and Preventing Future Attacks
he best way to deal with a BrLock Ransomware infection is to bypass the lockscreen using an alternate boot method and then to use a reliable security program that is fully up-to-date to access the infected computer. Keep in mind that there is no truth to any of the contents of the BrLock Ransomware's ransom note. It is written in a way designed to be alarming and to convince inexperienced computer users that they need to pay the BrLock Ransomware's ransom. Rather than following the instructions in the BrLock Ransomware's ransom note, PC security analysts instead recommend keeping calm, bypassing the BrLock Ransomware's ransom note, and then using a powerful anti-malware program to remove the BrLock Ransomware infection itself.
Ransomware threats like the BrLock Ransomware may be distributed through the use of embedded links or corrupted email attachments that lead to attack websites. When computer users open this content, the BrLock Ransomware or a similar threat is installed on the victim's computer. The best protection against the BrLock Ransomware and similar threats is to avoid accessing unsolicited email attachments or links embedded in unsolicited email messages. The con artists have become very adept at imitating legitimate email messages to deliver these threats. Common hoaxes include fake bank statements, invoices from shipping companies, and bogus airline or hotel reservations. This is why a strong anti-spam filter and anti-malware software for your email is also important since it prevents these corrupted emails from making it to your email inbox in the first place.
Removing the BrLock Ransomware
Computer users will need to use an alternate start-up method to bypass the BrLock Ransomware lockscreen. This screen prevents computer users from running any applications or accessing Windows until the ransom is paid. Computer users can use Safe Mode to boot up Windows without starting up the BrLock Ransomware automatically. Once access has been restored, threats like the BrLock Ransomware can be removed with a reliable anti-malware program easily, as long as it is fully up-to-date and capable of recognizing the BrLock Ransomware.
Analysis Report
General information
| Family Name: | Trojan.Kryptik.ZH |
|---|---|
| Packers: | UPX |
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
9f259949883970f77bd61f8fa2aa28ed
SHA1:
6cf2f4392b469bc0644a5d8e2777b9448a5280b7
SHA256:
3B2C26A39B3649DAD339FF585658A3E2CC6ECE0CA7CB99B5FF205C5FBDA0F162
File Size:
307.71 KB, 307712 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have relocations information
- File doesn't have security information
- File has been packed
- File has exports table
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
Show More
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
File Traits
- big overlay
- No Version Info
- packed
- x86
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 927 |
|---|---|
| Potentially Malicious Blocks: | 4 |
| Whitelisted Blocks: | 916 |
| Unknown Blocks: | 7 |
Visual Map
? - Unknown Block
x - Potentially Malicious Block
