Ocelot Locker Ransomware
Threat Scorecard
Threat Level: 80 % (High)
Infected Computers: 2
First Seen: January 9, 2017
Last Seen: February 10, 2020
OS(es) Affected: Windows
The 'Ocelot Locker' Ransomware was first observed on January 9, 2017. The 'Ocelot Locker' Ransomware is probably being distributed by disguising a corrupted executable file as a popular free application available on low-quality websites. The 'Ocelot Locker' Ransomware may also be linked to various exploit kits. Despite its appearance, which emulates encryption ransomware Trojans, the 'Ocelot Locker' Ransomware does not have an encryption engine or any advanced features; it is simply a screen locker that seems to have an educational purpose.
The 'Ocelot Locker' Ransomware – A Name Meaning Danger with a Good Purpose
Although the 'Ocelot Locker' Ransomware prevents computer users from accessing their machines by locking their screens, the 'Ocelot Locker' Ransomware does not affect the victims' data. However, the 'Ocelot Locker' Ransomware is designed to emulate other, better-known ransomware Trojans that do carry out harmful attacks, using strong encryption methods to make the victim's files completely inaccessible. The main purpose of the 'Ocelot Locker' Ransomware is to trick computer users into believing that their machines have been severely infected by an encryption ransomware Trojan. To do so, the 'Ocelot Locker' Ransomware uses a ransom window that is very similar to the one used by the infamous CryptoWall family of ransomware. The 'Ocelot Locker' Ransomware uses a ransom note that is red and a shield logo that is colored in blue and white. To the right of this shield logo is the 'Ocelot Locker' Ransomware's 'ransom note,' which reads as follows:
'YOUR FILES HAVE BEEN ENCRYPTED
All your personal documents, videos, mp3 files, images, or any other files have been encrypted with a military grade encryption key. The key has been stored on our server. For you to get this key you will have to pay 0.03 BTC (25 USD) and the key will be given to you.'
The 'Ocelot Locker' Ransomware Seems to be Designed to Educate the Public
It seems that the authors of the 'Ocelot Locker' Ransomware are not trying to profit from the attack but are merely harassing computer users in a misguided attempt to educate them so that they will be more cautious online. When a victim of the 'Ocelot Locker' Ransomware attack clicks on the 'Check for the payment' button located on the 'Ocelot Locker' Ransomware's ransom note, a new message pops up. This second message warns the victim to be more careful next time and includes some links that provide information about how to prevent ransomware attacks. The second message that pops up is included below:
'Ocelot Ransomware
This could have been real
This could have been a real attack! Don't let Ransomware fool you into paying!
Prevention is better than desinfection!
Go ahead and download RansomFree, MalwareBytes or any antivirus for that matter.
Helpfull Links:
xxxxs://www.avast.com/c-ransomware
xxxxs://ransomfree.cybereason.com
xxxxs://www.malwarebytes.com
And just remember, prevention is better than desinfection.'
In fact, the creators of the 'Ocelot Locker' Ransomware are right to stress prevention: once the victim's files have been encrypted, it may be too late to take any meaningful action beyond restoring the affected files from a backup copy. The best ways to prevent these attacks are to have a strong anti-malware application to protect your computer and backups of your files. However, PC security researchers do have issues with the way this 'education' is delivered to the victim. To 'educate' the victim, the 'Ocelot Locker' Ransomware does infect the victim's computer, and it would not be difficult to adapt the 'Ocelot Locker' Ransomware and its distribution method to turn it into a real threat. For example, taking away the second pop-up window would turn the 'Ocelot Locker' Ransomware into a typical screen locker infection. Educational ransomware like this has backfired before, often in devastating ways. For example, the HiddenTear family of ransomware, which was initially released as an educational proof of concept, has spawned countless devastating ransomware attacks since its creation.