MemeLocker Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Ranking: | 7,181 |
| Threat Level: | 10 % (Normal) |
| Infected Computers: | 360 |
| First Seen: | April 10, 2017 |
| Last Seen: | September 18, 2023 |
| OS(es) Affected: | Windows |
The MemeLocker Ransomware is a ransomware Trojan that is used to encrypt the victim's files. Con artists may use the MemeLocker Ransomware and similar Trojans to encrypt files so that the victim will be forced to pay a ransom to recover the affected files. The MemeLocker Ransomware takes the victim's files hostage until the victim pays the ransom amount. Malware analysts first observed the MemeLocker Ransomware on March 25, 2017, although it became better known on April 10 of the same year. The MemeLocker Ransomware still seem to be in development, however, since some of its characteristics do not seem fully finished. The MemeLocker Ransomware is one of the many ransomware Trojans active currently that are based on the HiddenTear open source ransomware engine. The MemeLocker Ransomware also includes screen locking capabilities. The MemeLocker Ransomware is obfuscated heavily, making it difficult for PC security researchers to study its contents. The MemeLocker Ransomware is probably being distributed through corrupted email messages including attachments that deliver text or PDF files containing corrupted scripts.
Table of Contents
How the MemeLocker Ransomware may Infect a Computer
The MemeLocker Ransomware is contained in an executable file named 'memelocker.exe,' although some versions of the MemeLocker Ransomware may use an executable file with a randomly generated name. The MemeLocker Ransomware's corrupted file can be found in the AppData directory on the infected computer. The MemeLocker Ransomware belongs to a large family of ransomware Trojans that is written using the Microsoft .NET Framework. There are connections between the MemeLocker Ransomware and the HiddenTear open source ransomware engine, although the MemeLocker Ransomware could be a heavily modified version of this threat since it has the added capability to lock the victim's Desktop using a lock screen.
When the MemeLocker Ransomware enters a computer, it generates a list of the files that will be encrypted and encrypts them using a combination of the AES 256 and RSA 2048 to make the affected files and the decryption key inaccessible completely. The MemeLocker Ransomware communicates with its Command and Control server to relay information on the infected computer and keep the decryption key away from the victims or their security software. This makes the files encrypted by the MemeLocker Ransomware to become unrecoverable. The MemeLocker Ransomware, after encrypting the victim's files, displays a lock screen message on the infected computer. Malware researchers suspect that the MemeLocker Ransomware is a test version of an uncompleted ransomware threat because its lock screen only displays a short text message over a red background. This lock screen includes two buttons that say 'Crypt' and 'Uncrypt' but has no information on how to pay a ransom amount. The text displayed in the MemeLocker Ransomware's lock screen is short:
'You just got memed by MemeLocker'
Future Variants of the MemeLocker Ransomware Trojan
Since the MemeLocker Ransomware is still a work in progress clearly, PC security researchers suspect that new versions of the MemeLocker Ransomware will pop up gradually. This is evidenced by the fact that PC security researchers have already observed two previous versions of the MemeLocker Ransomware threat being distributed. Apart from preventing victims from accessing the desktop, the MemeLocker Ransomware's lock screen prevents computer users from accessing the Windows Task Manager, the Registry Editor, and other features that could allow computer users to bypass the MemeLocker Ransomware's lock screen. Unfortunately, even if computer users can bypass the MemeLocker Ransomware lock screen, it will still be necessary to restore the affected files from backup copies after removing the MemeLocker Ransomware infection itself.
Protecting Your Computer from the MemeLocker Ransomware
The best protection against threats like the MemeLocker Ransomware is to have a reliable security program installed and backup copies of all files. The security program can prevent the MemeLocker Ransomware from being installed in the first place. However, in the case of an infection, the ultimate protection against the MemeLocker Ransomware is to have backups of all files.
URLs
MemeLocker Ransomware may call the following URLs:
| search.memetab.com |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.