THTLocker Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 13
First Seen: October 3, 2017
Last Seen: March 1, 2023
OS(es) Affected: Windows

The THTLocker Ransomware is a screen locker Trojan. The main purpose of the THTLocker Ransomware is to prevent the victim from gaining access to the infected computer. Many types of Trojans carry out these attacks, preventing victims from accessing their files and demanding a ransom payment to restore access. These threats take the victim's computer hostage until a ransom is paid. Some ransomware Trojans do this by encrypting the victim's files, while others display threatening messages. Screen lockers like the THTLocker Ransomware display a window that cannot be closed, which prevents the victims from accessing their desktops or applications. They also restrict access to keyboard shortcuts, the Windows Task Manager, and other utilities that could be used to bypass these threats.

The THTLocker Ransomware Is a Threat with Multiple Names

The THTLocker Ransomware blocks access to the infected PC. 'THTLocker Ransomware' is just one of the names this threat is known by, and different anti-virus programs may detect it under a different alias. It seems that the most common way in which computer users become infected with the THTLocker Ransomware is by clicking on an embedded link in a spam email message or by downloading an attachment contained in a spam email message. The THTLocker Ransomware was first observed on September 27, 2017. It seems that the crooks behind the THTLocker Ransomware submitted this ransomware Trojan to online anti-virus platforms to check whether it is capable of bypassing commonly used security measures. This allowed PC security researchers to observe and report on the THTLocker Ransomware, preventing it from becoming too widespread.

How the THTLocker Ransomware Attacks a Computer

The THTLocker Ransomware attack is not very sophisticated. The THTLocker Ransomware modifies the Windows startup list of programs. When the victim reboots the infected computer, the THTLocker Ransomware starts up automatically and, before the Windows desktop is loaded, displays a full-screen message. The full-screen message is delivered on a red background and seems to emulate higher-profile ransomware Trojans. Over this solid red screen, there is a text message in the top left corner of the screen locker window. This message, written in both English and Russian, reads as follows:

'важно Ваши важнье фаилье собранньи!!!!!!
Important!!! Your PC Has Been Locked!!!

You Dont Access Your Computer...
THT Locker'

In some cases, the desktop will load, but the THTLocker Ransomware will display a program window that contains a threatening message and prevents the victims from accessing their computers as normal. The THTLocker Ransomware seems to display a message identical to that of the Onion3Cry Ransomware, a better-known ransomware Trojan, although it is clear that the THTLocker Ransomware is merely a copycat and there is no real connection between the two threats. The THTLocker Ransomware runs as 'Cryptolocker.exe' on infected computers, another nod to a more established ransomware Trojan. However, unlike CryptoLocker, which uses a sophisticated algorithm to encrypt the victim's data, the THTLocker Ransomware is not capable of encrypting the victims' files. Its main attack method is blocking the victims' access to their computers by displaying an intrusive, full-screen window.

Recovering from an Infection with the THTLocker Ransomware

While other ransomware infections are more threatening due to their capacity to encrypt data or use rootkit techniques, the THTLocker Ransomware attack is relatively unsophisticated. It is not that hard to recover from a THTLocker Ransomware infection. Computer users can bypass the THTLocker Ransomware screen locker window by using alternate startup methods. Even starting up the infected computer in Safe Mode is a good way of bypassing the THTLocker Ransomware screen locker. Starting up from an alternate boot source, such as a CD or a USB drive, is also a good way to prevent the THTLocker Ransomware from loading. Once access has been restored to the victim's computer, most security programs should be capable of detecting and removing the THTLocker Ransomware.

File System Details

THTLocker Ransomware may create the following file(s):
#   File Name   MD5                                Detections
1.  file.exe    ebab0348c7e13181a414d69d3dee367f   5