Ocelot Locker Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 2
First Seen: January 9, 2017
Last Seen: February 10, 2020
OS(es) Affected: Windows

The 'Ocelot Locker' Ransomware was first observed on January 9, 2017. It is probably being distributed by disguising a corrupted executable file as a popular free application available on low-quality websites. The 'Ocelot Locker' Ransomware may also be linked to various exploit kits. Despite its appearance, which emulates encryption ransomware Trojans, the 'Ocelot Locker' Ransomware does not have an encryption engine or any advanced features; it is simply a screen locker that seems to have an educational purpose.

The 'Ocelot Locker' Ransomware – A Name Meaning Danger with a Good Purpose

Although the 'Ocelot Locker' Ransomware prevents computer users from accessing their machines by locking their screens, it does not affect the victims' data. However, the 'Ocelot Locker' Ransomware is designed to emulate other, better-known ransomware Trojans that do carry out harmful attacks, using strong encryption methods to make the victim's files completely inaccessible. The main purpose of the 'Ocelot Locker' Ransomware is to trick computer users into believing that their machines have been severely infected by an encryption ransomware Trojan. To do so, the 'Ocelot Locker' Ransomware uses a ransom window that is very similar to the one used by the infamous CryptoWall family of ransomware. The ransom note is red and carries a shield logo colored in blue and white. To the right of this shield logo is the 'Ocelot Locker' Ransomware's 'ransom note,' which reads as follows:

'All your personal documents, videos, mp3 files, images, or any other files have been encrypted with a military grade encryption key. The key has been stored on our server. For you to get this key you will have to pay 0.03 BTC (25 USD) and the key will be given to you.'

The 'Ocelot Locker' Ransomware Seems to be Designed to Educate the Public

It seems that the authors of the 'Ocelot Locker' Ransomware are not trying to profit from the attack but are merely harassing computer users in a misguided attempt to educate them so that they will be more cautious online. When a victim of the 'Ocelot Locker' Ransomware attack clicks on the button 'Check for the payment' located on the 'Ocelot Locker' Ransomware's ransom note, a new message pops up. This second message warns the victim to be more careful next time, including some links that provide information about how to prevent ransomware attacks. The second message that pops up is included below:

'Ocelot Ransomware
This could have been real
This could have been a real attack! Don't let Ransomware fool you into paying!
Prevention is better than desinfection!
Go ahead and download RansomFree, MalwareBytes or any antivirus for that matter.
Helpfull Links:
And just remember, prevention is better than desinfection.'

The creators of the 'Ocelot Locker' Ransomware are right to stress prevention: once the victim's files have been encrypted, it may be too late to take any meaningful action beyond restoring the affected files from a backup copy. The best ways to prevent these attacks are to have a strong anti-malware application protecting your computer and to keep backups of your files. However, PC security researchers do have issues with the way this 'education' is delivered to the victim. To 'educate' the victim, the 'Ocelot Locker' Ransomware does infect the victim's computer, and it would not be difficult to adapt the 'Ocelot Locker' Ransomware and its distribution method to turn it into a real threat. For example, taking away the second pop-up window would turn the 'Ocelot Locker' Ransomware into a typical screen locker infection. Educational ransomware like this has backfired before, often in devastating ways. For example, the HiddenTear family of ransomware, which was initially released as an educational proof of concept, has spawned countless devastating ransomware attacks since its creation.

