Elmer's Glue Locker Ransomware
Threat Scorecard
Threat Level: 100 % (High)
Infected Computers: 1
First Seen: May 30, 2017
Last Seen: April 18, 2018
OS(es) Affected: Windows
The Elmer's Glue Locker Ransomware is a ransomware Trojan that is used to mock and scare inexperienced computer users into making a ransom payment. The Elmer's Glue Locker Ransomware claims to encrypt the victim's files. However, it does not encrypt the victims' files, either because it is in an unfinished state or because it is merely designed to rely on scare tactics rather than to be a functional threat. The Elmer's Glue Locker Ransomware demands a ridiculously high ransom amount of 16 BitCoin, which at the current exchange rate is equivalent to approximately $36,000 USD.
How the Elmer’s Glue Locker Ransomware Infection Works
Paying the Elmer's Glue Locker Ransomware ransom is not a viable solution to this attack. Fortunately, since the Elmer's Glue Locker Ransomware does not encrypt the victims' files, it is not a serious threat and can be removed easily with the help of a reliable security program that is fully up-to-date. However, since the Elmer's Glue Locker Ransomware ransom message may prevent computer users from accessing their machines, it may be necessary to use an alternate start-up method or Safe Mode to bypass the ransom notification and regain access to the infected computer.
The Elmer's Glue Locker Ransomware is clearly still under development, since its attack does not carry out a functional encryption of the victim's computer. This is not unique: numerous threats similar to the Elmer's Glue Locker Ransomware display scary messages on the victim's computer and then demand the payment of a ransom, without encrypting data or doing anything else beyond threatening the victim.
What is the Goal of Attacks Like the Elmer’s Glue Locker Ransomware
It is likely that the Elmer's Glue Locker Ransomware will spread through the use of corrupted email attachments. PC security researchers have not noticed any communication between the Elmer's Glue Locker Ransomware and a Command and Control server of any kind. The Elmer's Glue Locker Ransomware's main attack simply consists of dropping a text file into various directories on the victim's computer. This file, named 'HOW_CAN_I_DECRYPT_MY_FILES.txt', contains the following message:
'Your IMPORTANT FILES WERE ENCRYPTED on this computer: documents, databases, photos, videos, etc.
Encryption was prodused using unique public key for this computer.
To decrypt files, you need to obtain private key and special tool.
To retrieve the private key and tool find your pc key file with '.key.~xdata~' extension.
Depending on your operation system version and personal settings, you can find it in:
'C:/',
'C:/ProgramData',
'C:/Documents and Settings/All Users/Application Data',
'Your Desktop'
folders (eg. 'C:/PC-TTT54M#45CD.key.~xdata~').
Then send it to one of following email addresses:
begins@colocasia.org
bilbo@colocasia.org
frodo@colocasia.org
trevor@thwonderfulday.com
bob@thwonderfulday.com
bil@thwonderfulday.com
Your ID: {REMOVED}#4FDBF87A34166C70955ED0ECBC1DDFCD
Do not worry if you did not find key file, anyway contact for support.'
The Elmer's Glue Locker Ransomware also changes the infected computer's desktop image, replacing it with a message containing the Elmer's Glue Locker Ransomware ransom note. The Elmer's Glue Locker Ransomware demands that the victim pay a ridiculously large amount in BitCoins, connecting through the TOR network to an anonymous website to carry out the payment. PC security researchers have not noted any payments made to its associated BitCoin address, since the Elmer's Glue Locker Ransomware infection is not functional and the ransom amount is extraordinarily high.
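A triage check for the behaviour described above, as an added example that is not part of the original page or any vendor tool: it looks for copies of the note file and for key files with the extension quoted in the note, then checks whether common documents still start with their normal file signature. The function names, the signature table and the sample tree are assumptions made for this illustration.

```python
import os
import tempfile

NOTE_NAME = "how_can_i_decrypt_my_files.txt"  # note name from this page, lowercased
KEY_SUFFIX = ".key.~xdata~"                   # key-file extension quoted in the note
# Well-known file signatures (first bytes) for a few common document types.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}

def triage(root):
    """Walk root and record note copies, key files and header checks on documents."""
    report = {"notes": [], "key_files": [], "intact": [], "header_mismatch": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path, lower = os.path.join(dirpath, name), name.lower()
            magic = MAGIC.get(os.path.splitext(lower)[1])
            if lower == NOTE_NAME:
                report["notes"].append(path)
            elif lower.endswith(KEY_SUFFIX):
                report["key_files"].append(path)
            elif magic is not None:  # only types with a known signature are checked
                try:
                    with open(path, "rb") as fh:
                        head = fh.read(len(magic))
                except OSError:
                    continue  # unreadable or locked file: skip rather than guess
                key = "intact" if head == magic else "header_mismatch"
                report[key].append(path)
    return report

def verdict(report):
    """Summarise: indicators present or not, and whether checked files look altered."""
    if not (report["notes"] or report["key_files"]):
        return "no-indicators"
    return "files-altered" if report["header_mismatch"] else "files-intact"

def demo(damage=False):
    """Constructed sample tree: one note copy, one key file, two documents."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "Desktop"))
        samples = {"HOW_CAN_I_DECRYPT_MY_FILES.txt": b"constructed note text",
                   "PC-EXAMPLE.key.~xdata~": b"constructed key file",
                   "report.pdf": b"\x00\x11\x22\x33" if damage else b"%PDF-1.7\n",
                   os.path.join("Desktop", "photo.png"): b"\x89PNG\r\n\x1a\n"}
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return verdict(triage(root))
```

A matching signature only shows that the start of a file is untouched, and a mismatch can also come from a misnamed file, so confirm either result against backups or known-good hashes.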
Protecting Your Computer from the Elmer’s Glue Locker Ransomware and Similar Threats
The best protection against real ransomware Trojans is to have file backups. In the event that the Elmer's Glue Locker Ransomware could encrypt the victims' files (as many ransomware Trojans do), backups are necessary to recover quickly from the attack. A reliable security program that is fully up-to-date should also be used to intercept and remove the Elmer's Glue Locker Ransomware infection.
File System Details
# | File Name | MD5 | Detections |
---|---|---|---|
1. | file.exe | 41cc8d45953dbd54044cee46dc392668 | 0 |