BlackBerry Researchers Discover New Ransomware Family That Targets Windows Systems

Security researchers at BlackBerry identified a new Ransomware-as-a-Service (RaaS) family on March 16 and traced it back to its alleged beta-stage release.

The strain, called LokiLocker, encrypts victims’ files, renders compromised systems unusable, and demands a ransom to restore access. The malicious service also tries to shake off unwanted attention by framing Iranian threat actors.

LokiLocker was first spotted on the web last August, targeting the Windows PCs of English speakers.

“LokiLocker encrypts victim’s files on local drives and network shares with a standard combination of AES for file encryption and RSA for key protection,” according to BlackBerry’s security advisory. “It then asks the victim to email the attackers to obtain instructions on how to pay the ransom.”

So far, LokiLocker seems to have the same encryption capabilities as many other known ransomware strains. However, threat actors can also configure it to wipe all non-system files and overwrite the MBR, thus making the system unusable.

“LokiLocker also boasts an optional wiper functionality — if the victim doesn’t pay up in the timeframe specified by the attacker, all non-system files will be deleted and the MBR overwritten, wiping all the victim’s files and rendering the system unusable. With a single stroke, everyone loses,” according to the advisory.
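The MBR overwrite described above is something a defender can check for by comparing sector 0 of a disk against a known-good baseline. The following is an added example, not code from BlackBerry's advisory; it assumes a classic 512-byte MBR layout, and the function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
CODE_END = 446           # boot code: bytes 0..445
TABLE_END = 510          # four 16-byte partition entries: bytes 446..509
BOOT_SIG = b"\x55\xaa"   # boot signature: bytes 510..511

def snapshot(sector: bytes) -> dict:
    """Hash boot code and partition table separately for a known-good baseline."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    return {"code": hashlib.sha256(sector[:CODE_END]).hexdigest(),
            "table": hashlib.sha256(sector[CODE_END:TABLE_END]).hexdigest()}

def partitions(sector: bytes) -> list:
    """Decode the non-empty entries of the partition table."""
    found = []
    for off in range(CODE_END, TABLE_END, 16):
        # status, 3 CHS bytes (skipped), type, 3 CHS bytes (skipped), start LBA, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype != 0:
            found.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return found

def audit(sector: bytes, known_good: dict) -> list:
    """Return findings that separate a wiped sector from replaced boot code."""
    now = snapshot(sector)
    findings = []
    if sector[TABLE_END:] != BOOT_SIG:
        findings.append("boot signature missing")
    if not partitions(sector):
        findings.append("partition table empty")
    if now["code"] != known_good["code"]:
        findings.append("boot code changed")
    if now["table"] != known_good["table"]:
        findings.append("partition table changed")
    return findings

def sample_mbr() -> bytes:
    """Constructed sector: filler boot code and one bootable NTFS-type (0x07) entry."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 1_000_000)
    return b"\x90" * CODE_END + entry + bytes(48) + BOOT_SIG

if __name__ == "__main__":
    good = sample_mbr()
    baseline = snapshot(good)
    print(audit(good, baseline))                                  # untouched sector
    print(audit(bytes(SECTOR), baseline))                         # constructed: zero-filled
    print(audit(b"\xcc" * CODE_END + good[CODE_END:], baseline))  # constructed: code replaced
```

The input is the first 512 bytes of a disk or disk image; how that sector is acquired, and where the baseline is stored offline, are left to the reader's tooling.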

Reportedly, LokiLocker could be programmed to exclude certain countries from encryption and wiping, but further research found only Iran on the list of exceptions. Additionally, the exception rule hasn’t even been implemented, leading experts to believe that the references to Iranian threat actors might be a diversion to avoid unwanted attention.

At the moment, no free tool to decrypt content ciphered by LokiLocker exists.
