Threat Database Ransomware zScreenlocker Ransomware

zScreenlocker Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 1,150
Threat Level: 20 % (Normal)
Infected Computers: 36,535
First Seen: November 7, 2016
Last Seen: September 21, 2023
OS(es) Affected: Windows

The zScreenlocker Ransomware is a ransomware Trojan that scares computer users during its attack. The zScreenlocker Ransomware promotes a hate speech by using the text 'BAN ISLAM' over a background comprised of the flag of Brazil. The zScreenlocker Ransomware is aimed toward computer users located in Brazil while inciting hate against Muslims. Although the zScreenlocker Ransomware's behavior is not typical of most ransomware Trojans, it is a rare variant that has a political or hates speech cause, which is relatively rare in these attacks. Regardless of these specific characteristics of the zScreenlocker Ransomware attack, the zScreenlocker Ransomware infection is a straightforward screen locker attack that can be resolved with the use of a reliable security program that is fully up-to-date.

The Ransomware that Spreads Hate

Curiously enough, the number of Muslims in Brazil is surprisingly low. In the last census, there are only about 35 thousand people in a country with a population of 200 million. Banning Islam in Brazil is not a big priority, although it does reflect a climate of Islamophobia that is being lived around the world (with Brazil not being an exception). The zScreenlocker Ransomware is being distributed in a typical method, which involves attaching corrupted Office or PDF documents to spam email messages. These documents, which have macros enabled, exploit vulnerabilities in the macro functionality in many programs used to read these documents. Using these macros, the zScreenlocker Ransomware can execute corrupted code on the victim's computer while bypassing anti-malware protection that could be installed on the victim's computer.

Once installed, the zScreenlocker Ransomware makes changes to the infected computer's start-up routines, ensuring that the zScreenlocker Ransomware runs and displays a lock screen automatically. The zScreenlocker Ransomware's lock screen prevent computer users from accessing their files on the infected computer. This can be bypassed by using Safe Mode or an alternate startup method to bypass the zScreenlocker Ransomware when loading Windows. A reliable security program can then be used to detect and remove the zScreenlocker Ransomware infection itself. Some of the names that have been assigned to the zScreenlocker Ransomware and its variants by common anti-malware programs include:

  • Atros3.APYR
  • Gen:Variant.MSILPerseus.31506
  • HEUR:Trojan.Win32.Generic
  • Ransom_ZLOCK.A
  • Trojan.MSILPerseus.D7B12
  • Trojan.Win32.Generic!BT
  • Trojan.Winlock
  • Trojan/Win32.Generic.N2144709652
  • Win32.Trojan.WisdomEyes.16070401.9500.9572
  • trojanspy.win32.skeeyah.a!rfn

It is clear that most of the zScreenlocker Ransomware infections are focused on Brazil and South America currently. Computer users that receive emails from these locations or visit websites located in these countries regularly would be advised to ensure that all of their anti-malware protections are up-to-date. Software should be completely updated, and measures should be taken to ensure that the zScreenlocker Ransomware does not infiltrate your computer.

Protecting Your Computer from the zScreenlocker Ransomware Attacks

The main way to prevent the zScreenlocker Ransomware attacks is to learn to use email safely. Computer users are advised to avoid opening unsolicited email attachments and exercise caution when handling emails from unsolicited sources. This alone will stop most threat attacks, including the zScreenlocker Ransomware. Malware analysts also advise that computer users use a reliable security program that is fully up-to-date to protect their computers from the zScreenlocker Ransomware infection and other threats. The combination of a strong security program and safer email handling techniques should be enough to stop most of these attacks.

PC security analysts strongly advise against paying any ransom associated with the zScreenlocker Ransomware or similar attacks. In most cases, the people responsible for the threat attack will not provide the means to remove the ransomware from the infected computer, or will simply ask for more money from the victim. Paying these ransoms also allows con artists to continue developing and distributing threats, claiming more victims. These attacks should be stopped, especially when they involve the spread of hate speech as is the case with the zScreenlocker Ransomware and its anti-Islam message.

URLs

zScreenlocker Ransomware may call the following URLs:

worldcoolfeed.com

Trending

Most Viewed

Loading...