The Paralock Ransomware is a file-locking Trojan that encrypts the user's documents, pictures, and other media so that they can't be opened. The Paralock Ransomware monetizes its attacks by creating ransom notes that sell a premium data recovery service to any victims. Users should have backups for saving their work and let anti-malware tools delete the Paralock Ransomware as they detect it.
Asian Parasites Latching onto Unprotected Windows Users
While China's wet meat markets earned more than their share of notoriety from instigating the Coronavirus epidemic, Asia also is a prolific source for another danger: file-locking Trojans. A recent experiment in this area targets Windows users in the same place, locking their files in a stereotypical series of attacks like the Dharma Ransomware, the Globe Ransomware, and numerous others. The new threat: the Paralock Ransomware.
Malware researchers estimate that the Paralock Ransomware is a variant of the Parasite Ransomware program, which offers a similar theme and payload. Both threats use encryption for locking media files, including documents and other text, spreadsheets, music, pictures, movies, and more. In the Paralock Ransomware's case, it also identifies each file that it converts into a digital prisoner by adding a 'paralock' extension.
The Paralock Ransomware launches an HTA file as a pop-up that delivers its ransom note. The message is superficially different from the Parasite Ransomware version but continues offering an e-mail-based negotiation over restoring the user's files for a not-yet-established price. Malware experts also point out that the Paralock Ransomware incorrectly classifies itself as a virus – a threat that injects its code into other files. Fortunately, the Paralock Ransomware is a very conventional Trojan without unusual self-distribution or infection features.
Curing File Parasitis Reliably
While the Paralock Ransomware's executable uses a Chinese name, its encryption feature may harm Windows users worldwide. All users should have backups for protecting themselves from this threat; in ideal circumstances, backups are on other devices that Trojans can't wipe or encrypt. However, there's no verification of the Paralock Ransomware having the all-too-common feature of deleting Restore Points, which is another recovery option.
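As an added example (not part of the original article or of any vendor tool), the following Python script inventories files carrying the 'paralock' extension and checks whether each one has a copy under its original name in a backup tree. It assumes the extension is appended to the original filename (for example, report.docx.paralock); the directory layout and all file names in the demo are constructed samples.

```python
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".paralock"  # extension the article says is added to locked files


def triage(root, backup_root=None):
    """Inventory locked files under root and check each against a backup tree."""
    root = Path(root)
    rep = {"locked": [], "recoverable": [], "no_backup": [],
           "hta_files": [], "by_type": Counter()}
    for path in root.rglob("*"):
        name = path.name.lower()
        if not path.is_file():
            continue
        if name.endswith(".hta"):
            rep["hta_files"].append(path)  # possible ransom note; review by hand
        if not name.endswith(MARKER) or len(name) == len(MARKER):
            continue
        # Assumption: the marker is appended, so stripping it gives the old name.
        original = path.with_name(path.name[:-len(MARKER)])
        rel = original.relative_to(root)
        rep["locked"].append(path)
        rep["by_type"][original.suffix.lower() or "(none)"] += 1
        in_backup = backup_root and (Path(backup_root) / rel).is_file()
        rep["recoverable" if in_backup else "no_backup"].append(rel)
    return rep


def build_demo(base):
    """Constructed sample trees: an affected profile and an offline backup."""
    live, backup = Path(base) / "live", Path(base) / "backup"
    samples = [(live, "docs/report.docx.paralock"), (live, "docs/budget.xlsx.paralock"),
               (live, "pics/cat.jpg.paralock"), (live, "pics/dog.jpg"),
               (live, "note.hta"),  # constructed name; the article gives none
               (backup, "docs/report.docx"), (backup, "pics/cat.jpg")]
    for tree, rel in samples:
        (tree / rel).parent.mkdir(parents=True, exist_ok=True)
        (tree / rel).write_bytes(b"constructed sample")
    return live, backup


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        r = triage(*build_demo(tmp))
        print(len(r["locked"]), "locked,", len(r["recoverable"]), "in backup")
        print("no backup:", [p.as_posix() for p in r["no_backup"]])
        print("types:", dict(r["by_type"]), "| .hta files:", len(r["hta_files"]))
```

The "no_backup" list is the set of files with no recovery path from the backup tree, which is the figure that matters when deciding what to preserve for later analysis.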
Users should continue maintaining strict security standards that block threats like this one and the typical attacks leading to their installation. Recommended protocols include, but aren't limited to, disabling browser 'script' features, using strong passwords, routinely updating software, and avoiding unofficial or illegal downloads. E-mail attachments also bear emphasis as infection vectors.
There aren't any free decryption utilities for the Paralock Ransomware or the Parasite Ransomware. Still, victims may submit samples to interested security researchers for further investigation. Infected Windows systems should receive prompt disinfection by anti-malware tools that can remove the Paralock Ransomware on sight.
No nation, regardless of economic or military might, can slack on digital defenses. The Paralock Ransomware is assailing Chinese PCs but could always come to other shores sooner or later.