
KoreanLocker Ransomware

Posted: January 9, 2018

Threat Metric

Threat Level: 8/10
Infected PCs: 88
First Seen: May 8, 2023
OS(es) Affected: Windows

The KoreanLocker Ransomware is a file-locking Trojan that uses the data-encrypting attacks of the Hidden Tear family. An infection can prevent you from opening any files that the KoreanLocker Ransomware locks automatically, such as documents or pictures. Malware experts recommend ignoring the ransom demands of this threat in favor of other recovery solutions and having dedicated anti-malware programs capable of deleting the KoreanLocker Ransomware.

Korea under Digital Fire Again

Small-scale threat actors are leveraging another campaign of file-locking threats against Korea, adding a new member to localized Hidden Tear variants that include the File-Locker Ransomware, the Korean Ransomware and the RansomMine Ransomware. This brand-new modification of Utku Sen's Hidden Tear project, the KoreanLocker Ransomware, shows some of the typical indicators of being a minor campaign that's attacking recreational systems instead of corporate, government or NGO ones. However, even as a 'minor' threat, it can deprive the users of their files, possibly in perpetuity.

Like almost any member of Hidden Tear, from the AutoEncryptor Ransomware to the Xampp Locker Ransomware, the KoreanLocker Ransomware uses an AES-based cryptography method to block different formats of non-critical media files. Users can presume that the KoreanLocker Ransomware targets, in particular, content associated with the Microsoft Office range of programs, such as DOCs, as well as pictures. The '.locked' extension that it also adds, although cosmetic, gives victims a visual symptom for determining which files they can no longer open.

The KoreanLocker Ransomware deposits a Korean-language text message that encourages affected users to pay in the Bitcoin cryptocurrency to get their files restored with the withheld decryption key. The threat actor's use of a free e-mail service implies limited resources for the campaign, and the ransom amount of one Bitcoin (equal to fourteen thousand USD or 15879319 South Korean Won) is inappropriately high relative to Hidden Tear's file-locking security. Malware experts note that the authors likely chose the amount purely for simplicity when dealing with PC users with limited cryptocurrency knowledge.

Bringing Peace to Korean Hard Drives

While the KoreanLocker Ransomware's threat actors use their campaign for selling file-unlocking solutions, free alternatives exist online. Notably, Hidden Tear isn't challenging to decrypt in comparison to other families of file-locking Trojans, such as the Globe Ransomware or the Jigsaw Ransomware. However, malware researchers always urge users with digital content of any value to store additional copies on secure, remote drives, which can act as a primary defense against all file-locking threats, regardless of the decryption feasibility.
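An added example, not code from the original page, tying the '.locked' marker described earlier to the backup advice above: it lists locked files under a folder and checks a backup folder for clean copies to restore. It assumes the extension is appended to the original file name and that the backup mirrors the same relative paths; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_SUFFIX = ".locked"  # extension named on this page


def triage(root, backup_root):
    """Map each '*.locked' file under root to its original name and check
    whether a clean copy exists at the same relative path in backup_root."""
    root, backup_root = Path(root), Path(backup_root)
    restorable, missing = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Skip unaffected files and a bare ".locked" with no original name.
            if not name.lower().endswith(LOCKED_SUFFIX) or len(name) == len(LOCKED_SUFFIX):
                continue
            locked = Path(dirpath) / name
            # Assumption: the suffix is appended, so stripping it gives the original name.
            original = locked.relative_to(root).with_name(name[:-len(LOCKED_SUFFIX)])
            has_backup = (backup_root / original).is_file()
            (restorable if has_backup else missing).append(original)
    # Count affected files by their original type to see what was hit.
    by_type = Counter(p.suffix.lower() or "(none)" for p in restorable + missing)
    return sorted(restorable), sorted(missing), by_type


def demo():
    """Constructed sample tree: two locked files, only one with a backup copy."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        (live / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        (live / "docs" / "report.doc.locked").write_bytes(b"ciphertext")
        (live / "photo.jpg.locked").write_bytes(b"ciphertext")
        (live / "notes.txt").write_text("untouched")
        (backup / "docs" / "report.doc").write_text("clean copy")
        return triage(live, backup)


if __name__ == "__main__":
    restorable, missing, by_type = demo()
    print("restore from backup:", [p.as_posix() for p in restorable])
    print("no backup found:    ", [p.as_posix() for p in missing])
    print("affected by type:   ", dict(by_type))
```

Files in the "no backup found" list are the ones that would depend on a decryption tool, so copy them aside untouched before any cleanup.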

Corrupted website scripts, spam e-mails, and fake file-sharing content all constitute potential infection vectors for file-locking Trojans. Other than the likelihood of its using Korean-specific content, malware experts can't definitively predict what methods the KoreanLocker Ransomware may use for infecting your PC. However, the Trojan is Windows-specific, and appropriate anti-malware solutions for that OS should readily eliminate the KoreanLocker Ransomware.

Although it's not an impressive update from the original Hidden Tear, the KoreanLocker Ransomware can be problematic for any users who don't take proper care of their documents and other media. Virtually any populated region and many sparsely populated ones are potential targets for campaigns by cybercrooks who want money for giving you back your belongings.
