
StalinLocker Wiper

By GoldSparrow in Ransomware

The StalinLocker Wiper is often referred to as a ransomware or screen locker Trojan. PC security analysts first observed the StalinLocker Wiper in the third week of May 2018. The StalinLocker Wiper appears to be under development currently, since several aspects of the malware seem unfinished. The StalinLocker Wiper has characteristics associated with Trojans designed to delete data on victims' computers, as well as characteristics of malware designed to block access to the victim's computer. It is clear that the StalinLocker Wiper was designed to harass computer users, so taking precautions can help repel the StalinLocker Wiper and other threats of this type.

The StalinLocker Wiper may Delete Your Data

The most common way of distributing the StalinLocker Wiper is through the use of corrupted phishing email messages and corrupted, fake updates for Web browser plugins or third-party platforms such as Java and Flash. The StalinLocker Wiper poses a severe threat because the StalinLocker Wiper is designed to delete the victim's data completely. Once the StalinLocker Wiper has carried out its attack, the victims will lose important data from their computers permanently.

How the StalinLocker Wiper Carries out Its Attack

The StalinLocker Wiper threatens victims with the permanent deletion of their data if a 'disarm code' is not entered into a lock screen window. The StalinLocker Wiper runs as an executable file named staline.exe stored in the AppData directory. When the StalinLocker Wiper carries out its attack, it displays a full-screen program window that includes a picture of Josef Stalin and plays an MP3 file named USSR_Anthem.mp3 while displaying the message. The StalinLocker Wiper is themed around Stalin and the Soviet Union, and appears to use a Soviet nationalist message in its attack. The message contained in the StalinLocker Wiper lock screen reads:

'Победа социализма в нашей стране обеспечена
Фундамент социалистической экономики завершен
Реальность нашего производственного плана - это миллионы трудящихся творящие новую жизнь.
И. Сталин.'

The following is the above message translated to English:

'The victory of socialism in our country is assured
The foundation of the socialist economy is complete
The reality of our production plan is millions of working people who are creating a new life.
J. Stalin.'

The victim has eleven minutes to enter a disarm code, in the form of a sequence of numbers. To arrive at the right sequence, the victim has to subtract 1922.12.30 from the current date. These numbers correspond to December 30, 1922, the date when the Soviet Union was established after the Russian Revolution. Failure to enter the correct disarm code results in the StalinLocker Wiper deleting the victim's data by wiping all local drives. The StalinLocker Wiper also will terminate all Windows Explorer and Windows Task Manager processes when it runs. It seems that the StalinLocker Wiper is designed to harass computer users via its lock screen specifically, unlike other Trojans that carry out these attacks to ask for a ransom payment and generate revenue this way at the expense of the computer users.
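The two file names given above (staline.exe in AppData and USSR_Anthem.mp3) can be turned into a simple triage sweep. The following is an added example, not code from the original article or from any security product; the function names, the confidence tiers and the constructed directory tree are assumptions made for illustration.

```python
import os
import tempfile

# File-name indicators taken from the article. Compared in lower case
# because Windows file names are case-insensitive.
EXE_NAME = "staline.exe"
MP3_NAME = "ussr_anthem.mp3"

def sweep(root):
    """Walk root and return a sorted list of (indicator, path) findings."""
    findings = []
    # onerror: skip unreadable directories instead of aborting the sweep
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        parts = os.path.normpath(dirpath).lower().split(os.sep)
        in_appdata = "appdata" in parts
        for name in files:
            low = name.lower()
            full = os.path.join(dirpath, name)
            if low == EXE_NAME:
                # The article places the executable in AppData; a copy
                # found elsewhere is reported with a weaker label.
                kind = "exe-in-appdata" if in_appdata else "exe-elsewhere"
                findings.append((kind, full))
            elif low == MP3_NAME:
                findings.append(("anthem-mp3", full))
    return sorted(findings)

def verdict(findings):
    """Assumed tiers: both artefacts together outrank either one alone."""
    kinds = {kind for kind, _path in findings}
    if {"exe-in-appdata", "anthem-mp3"} <= kinds:
        return "high"
    if "exe-in-appdata" in kinds:
        return "medium"
    return "low" if kinds else "none"

def make_constructed_tree(base, files):
    """Create empty placeholder files (constructed sample, no real malware)."""
    for rel in files:
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_constructed_tree(tmp, ["Users/alice/AppData/Local/Staline.EXE",
                                    "Users/alice/AppData/Local/USSR_Anthem.mp3",
                                    "Users/alice/Documents/report.docx"])
        hits = sweep(tmp)
        for kind, path in hits:
            print(kind, path)
        print("verdict:", verdict(hits))
```

File names are weak indicators that a renamed sample would evade, so a "none" verdict does not clear a machine on its own.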

Protecting Your Data from Threats Like the StalinLocker Wiper

The best protection against threats like the StalinLocker Wiper is to have file backups. If one has adequate backups in the right place, then there is no need to deal with the harassment of the StalinLocker Wiper and other types of threats, since the files can be recovered easily. You should prevent the StalinLocker Wiper from being installed in the first place by using reputable security software and anti-spam technology. There are many variants of these threats, which may include threats that ask the victim to play a video game or enter a random string to remove the lock screen. In various cases, starting in Safe Mode can prevent the threat from loading long enough to run a security program on the affected PC.
