ABCLocker Ransomware
Posted: July 27, 2017
| Ranking | 17,394 |
|---|---|
| Threat Level | 5/10 |
| Infected PCs | 393 |
| First Seen | July 27, 2017 |
| Last Seen | August 30, 2023 |
| OS(es) Affected | Windows |
The ABCLocker Ransomware is believed to be an update of the Cloudsword Ransomware, a Trojan that blocked files for ransoms after infiltrating the PC via fake Windows patches. This threat still uses encryption as its file-locking feature and may show accompanying symptoms, such as Web page-based messages asking for money. Use your anti-malware programs to delete the ABCLocker Ransomware before it can finish damaging all intended files, and use backups to recover any media harmed incidentally if you need to do so.
A Trojan's Sword Swings Twice
Earlier in the year, malware analysts traced activity from the Cloudsword Ransomware back to fake Windows updates, a distribution method capable of compromising a massive quantity of Web traffic. While the Trojan has been relatively quiet since then, its threat actors or ones with the same resources are working on an upgrade: the ABCLocker Ransomware. Many of the features from the previous version are intact, particularly the encryption that locks the victim's files for ransom.
The ABCLocker Ransomware uses an AES-256 cipher to encrypt and block files of dozens of formats, including both widely used ones (such as MPEG, PDF, and ZIP) and specialized types (like Banktivity documents, Minecraft backups or Unity 3D models). Other, less-visible attacks may also auto-close any applications that block the ABCLocker Ransomware's C&C communications, such as a firewall. Malware experts also warn that the Trojan may counteract default backup and recovery features like System Restore.
Final symptoms from the ABCLocker Ransomware infections include HTML-based messages asking, as usual, for the victim to pay in Bitcoins for the decryption help of the threat actor. Like the previous Cloudsword Ransomware, the ABCLocker Ransomware employs a time limit for encouraging fast payments, possibly to keep the user from realizing that they will not be able to receive a refund for any lack of service.
Keeping Your ABCs of Web Security in Order
Malware researchers are seeing current versions of the ABCLocker Ransomware deploying with the capacity for enciphering just over two hundred and forty formats of media, which makes it a hazard to most types of work and recreational data. Since the ABCLocker Ransomware can damage local backups, saving backups to non-local devices, such as USB, gives victims the least arduous recovery options possible. The possibility of a free decryptor for the ABCLocker Ransomware remains speculative, although you should always strive to avoid making ransom payments to con artists.
In the past, threat actors related to the ABCLocker Ransomware's predecessors utilized corrupted Web content to distribute their Trojans. Related social engineering tactics also may claim that the ABCLocker Ransomware's installation is a punishment from the government for breaking copyright law. However, these disguises shouldn't affect relevant security software's capacity to identify and remove the ABCLocker Ransomware. Disabling advertisements, pop-ups, and scripts from within your Web browser also can lower the number of exploits that the con artists have available for such attacks.
A Trojan that's silent for some time may not always be dead, but, instead, just hibernating. Until users find ways to protect themselves from the core profit model of file-encrypting Trojans, one can assume that modern updates to old threats, like the ABCLocker Ransomware arising from the Cloudsword Ransomware, are going to be ongoing incidents.