
MemeLocker Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 7,027
Threat Level: 10 % (Normal)
Infected Computers: 296
First Seen: April 10, 2017
Last Seen: February 14, 2023
OS(es) Affected: Windows

The MemeLocker Ransomware is a ransomware Trojan that is used to encrypt the victim's files. Con artists may use the MemeLocker Ransomware and similar Trojans to encrypt files so that the victim will be forced to pay a ransom to recover the affected files. The MemeLocker Ransomware takes the victim's files hostage until the victim pays the ransom amount. Malware analysts first observed the MemeLocker Ransomware on March 25, 2017, although it became better known on April 10 of the same year. The MemeLocker Ransomware still seems to be in development, however, since some of its characteristics do not seem fully finished. The MemeLocker Ransomware is one of the many currently active ransomware Trojans that are based on the HiddenTear open source ransomware engine. The MemeLocker Ransomware also includes screen locking capabilities. The MemeLocker Ransomware is heavily obfuscated, making it difficult for PC security researchers to study its contents. The MemeLocker Ransomware is probably being distributed through corrupted email messages including attachments that deliver text or PDF files containing corrupted scripts.

How the MemeLocker Ransomware may Infect a Computer

The MemeLocker Ransomware is contained in an executable file named 'memelocker.exe,' although some versions of the MemeLocker Ransomware may use an executable file with a randomly generated name. The MemeLocker Ransomware's corrupted file can be found in the AppData directory on the infected computer. The MemeLocker Ransomware belongs to a large family of ransomware Trojans that are written using the Microsoft .NET Framework. There are connections between the MemeLocker Ransomware and the HiddenTear open source ransomware engine, although the MemeLocker Ransomware could be a heavily modified version of this threat since it has the added capability to lock the victim's Desktop using a lock screen.
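The indicators in the paragraph above (an executable under AppData, named 'memelocker.exe' or randomly, built on .NET) can be turned into a triage sweep. The following is an added example, not code from this page or from any vendor; the function names, reason labels and the 4 KiB header read are assumptions made for illustration.

```python
import os
import struct

KNOWN_NAME = "memelocker.exe"  # file name reported on this page
CLR_DIR_INDEX = 14             # PE data directory slot for the CLR (.NET) header


def is_dotnet_pe(data: bytes) -> bool:
    """True if `data` starts a PE image whose CLR header directory is populated."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    opt = pe_off + 24            # 4-byte signature + 20-byte COFF header
    if opt + 2 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return False
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                    # PE32 / PE32+
        return False
    dirs = opt + (96 if magic == 0x10B else 112)       # start of data directories
    entry = dirs + CLR_DIR_INDEX * 8
    if entry + 8 > len(data):
        return False
    (count,) = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
    rva, size = struct.unpack_from("<II", data, entry)
    return count > CLR_DIR_INDEX and rva != 0 and size != 0


def triage(root: str, head_bytes: int = 4096):
    """Walk `root` (e.g. %APPDATA%) and return (path, reason) pairs to review."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".exe"):
                continue
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(head_bytes)  # headers normally fit in the first 4 KiB
            except OSError:
                continue                        # unreadable or locked file: skip it
            if name.lower() == KNOWN_NAME:
                findings.append((path, "known-name"))
            elif is_dotnet_pe(head):
                findings.append((path, "dotnet-exe"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(os.environ.get("APPDATA", ".")):
        print(f"{reason}\t{path}")
```

Legitimate .NET applications also install under AppData, so a "dotnet-exe" hit is a candidate for review rather than a verdict; a "known-name" hit matches the file name given above.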

When the MemeLocker Ransomware enters a computer, it generates a list of the files that will be encrypted and encrypts them using a combination of AES-256 and RSA-2048, making the affected files and the decryption key completely inaccessible. The MemeLocker Ransomware communicates with its Command and Control server to relay information on the infected computer and keep the decryption key away from the victims or their security software. This makes the files encrypted by the MemeLocker Ransomware unrecoverable. The MemeLocker Ransomware, after encrypting the victim's files, displays a lock screen message on the infected computer. Malware researchers suspect that the MemeLocker Ransomware is a test version of an uncompleted ransomware threat because its lock screen only displays a short text message over a red background. This lock screen includes two buttons that say 'Crypt' and 'Uncrypt' but has no information on how to pay a ransom amount. The text displayed in the MemeLocker Ransomware's lock screen is short:

'You just got memed by MemeLocker'

Future Variants of the MemeLocker Ransomware Trojan

Since the MemeLocker Ransomware is clearly still a work in progress, PC security researchers suspect that new versions of the MemeLocker Ransomware will pop up gradually. This is evidenced by the fact that PC security researchers have already observed two previous versions of the MemeLocker Ransomware threat being distributed. Apart from preventing victims from accessing the desktop, the MemeLocker Ransomware's lock screen prevents computer users from accessing the Windows Task Manager, the Registry Editor, and other features that could allow computer users to bypass the MemeLocker Ransomware's lock screen. Unfortunately, even if computer users can bypass the MemeLocker Ransomware lock screen, it will still be necessary to restore the affected files from backup copies after removing the MemeLocker Ransomware infection itself.

Protecting Your Computer from the MemeLocker Ransomware

The best protection against threats like the MemeLocker Ransomware is to have a reliable security program installed and backup copies of all files. The security program can prevent the MemeLocker Ransomware from being installed in the first place. However, in the case of an infection, the ultimate protection against the MemeLocker Ransomware is to have backups of all files.

