
Networklock Ransomware

The Networklock Ransomware is a file-locking Trojan that's a suspected variant of the MedusaLocker Ransomware. The Networklock Ransomware can block files and hold them hostage while it asks for a ransom for restoring them. Users can back up their files to other devices for inexpensive recovery and let most dedicated PC security products delete the Networklock Ransomware.

Trojans Letting the World Know Who They're After

File-locking Trojans, such as the Networklock Ransomware, aren't always shy about which targets they expect to find on the Internet at large. This Trojan campaign strongly resembles MedusaLocker Ransomware's variants (such as the CRYPTBD Ransomware, the VinDizelPux Ransomware, the Support Ransomware or the Deathfiles Ransomware) and is attacking network entities and encrypting the files saved on vulnerable computers. This strategy turns all of a business, government, or NGO's office files into hostages.

The Networklock Ransomware is a Windows threat that uses the long-reliable locking of files through AES and RSA encryption. The feature may lock most media formats, such as documents or pictures, and appends the first part of the Networklock Ransomware's name onto their names as extra extensions.

The Trojan may also include silent background features that victims will not notice right away, such as suppressing boot-up warning messages, deleting the Restore Points and other backup data, and disabling Windows security features. As malware experts confirm repeatedly, the Trojan implements these attacks by modifying the Windows Registry and abusing default utilities.
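The three background behaviors above can be hunted for in process-creation logs. The following is an added example, not code from this entry or from any vendor: the patterns are generic command-line shapes for these behaviors, assumed for illustration rather than confirmed for the Networklock Ransomware, and the host names and log lines are constructed.

```python
import re
from collections import defaultdict

# Assumption: generic command-line shapes for the behaviours named above.
# They are not indicators confirmed for Networklock itself.
RULES = {
    "backup_deletion": [
        r"\bvssadmin(\.exe)?\s+delete\s+shadows\b",
        r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b",
        r"\bwbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)\b",
    ],
    "boot_warning_suppression": [
        r"\bbcdedit(\.exe)?\s+/set\s+(\S+\s+)?bootstatuspolicy\s+ignoreallfailures\b",
        r"\bbcdedit(\.exe)?\s+/set\s+(\S+\s+)?recoveryenabled\s+no\b",
    ],
    "security_feature_tampering": [
        r"\breg(\.exe)?\s+add\s+.*\\windows defender\b.*\bdisable\w+",
        r"\bset-mppreference\b.*-disable\w+\s+(\$true|1)\b",
    ],
}
COMPILED = {name: [re.compile(p, re.IGNORECASE) for p in pats]
            for name, pats in RULES.items()}

def classify(cmdline):
    """Return the sorted behaviour names whose patterns match one command line."""
    return sorted(n for n, pats in COMPILED.items()
                  if any(p.search(cmdline) for p in pats))

def triage(events, threshold=2):
    """Group hits per host; hosts with >= threshold distinct behaviours rank high."""
    seen = defaultdict(set)
    for host, cmdline in events:
        seen[host].update(classify(cmdline))
    return {host: ("high" if len(b) >= threshold else "review", sorted(b))
            for host, b in seen.items() if b}

# Constructed sample process-creation events (host, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("FS01", r"vssadmin.exe Delete Shadows /All /Quiet"),
    ("FS01", r"bcdedit /set {default} bootstatuspolicy ignoreallfailures"),
    ("FS01", r'reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f'),
    ("WS07", r"vssadmin list shadows"),
    ("WS07", r"bcdedit /enum"),
    ("WS12", r"wbadmin delete catalog -quiet"),
]

if __name__ == "__main__":
    for host, (priority, behaviours) in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, priority, ", ".join(behaviours))
```

A host showing two or more of these behaviors together is ranked above a host showing one, since a single backup-catalog cleanup can be routine administration.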

Once the Networklock Ransomware completes these changes, it leaves the victim with an HTML ransom note, which provides an ID, ransom demands without naming a price, a TOR website link, and warnings (which may or may not be accurate) that the hackers own data collected from the target's servers.

Raising a Strict Border against Trojan Interference

Windows users at home shouldn't forget that they're equally vulnerable to the Networklock Ransomware's features. However, since the Networklock Ransomware's campaign preferably aims at networks, malware researchers focus on business entities, government offices and NGOs. All employees should be especially cautious around e-mail attachments, which can typically convey drive-by-downloads for Trojans in embedded macros and other exploits. These files may look like industry-related documents, invoices, resumes or other believable content.

Administrators should also remember the value of maintaining software updates, which close vulnerabilities that are often public and therefore known to attackers. Besides updating software and inspecting e-mails carefully, users should also be conservative about using features such as macros, JavaScript, Flash or Remote Desktop Protocols. Passwords that are weak due to being simple, short, or commonplace can also give hackers an edge for breaking into a network.

If all of these steps fail, users should avoid paying the ransom, if possible. Most anti-malware services will flag and remove the Networklock Ransomware, but paying a ransom carries no promise of restoring files. As usual, preexisting backups are the best option for data recovery.

It's no secret that businesses require money and data for their operations, and the Networklock Ransomware is making the most of that fact. Without the appropriate professionalism towards server security, even a multinational corporation can be on the wrong side of Trojans like this one.

