
MedusaLocker Ransomware

Posted: October 18, 2019

The MedusaLocker Ransomware is a file-locking Trojan targeting Windows systems. It automatically encrypts your media, such as documents, so that the files no longer open, and delivers its ransom demands in a note on your desktop. Users should carefully save backups for recovering their work and let anti-malware software handle eliminating the MedusaLocker Ransomware.

Introducing the Imposter's Imposter

Relying on the appearance of a Trojan infection to determine the correct solution is a high-risk gamble. Families imitating their competitors, such as the Globe Imposter Ransomware versus the original Globe Ransomware, aren't unknown. Now, malware researchers are seeing a copy of a copy: the MedusaLocker Ransomware, which borrows the Globe Imposter Ransomware message, but not its encryption.

The MedusaLocker Ransomware, like the Trojan families above, is a Windows program. The defining features of its payload include:

  • The MedusaLocker Ransomware encrypts media, such as JPG pictures, Notepad TXT documents, or MP3 audio, with an unidentified algorithm. This process leaves the file unable to open.
  • The MedusaLocker Ransomware denotes this captured content by adding an 'encrypted' extension without taking out the original (such as 'picture.jpg.encrypted').
  • After completing the previous attacks, the MedusaLocker Ransomware creates an HTML file for the desktop. This local Web page contains its ransoming instructions on buying the decryptor and is very similar to the ones of Globe Imposter Ransomware visually – including the deadline, free sample and complex ID string.

While the MedusaLocker Ransomware looks nearly identical to some versions of Globe Imposter 2.0 Ransomware, the file-locking routine is a different one. Victims of the MedusaLocker Ransomware who try to decrypt their work with a service meant for the Globe Imposter family will damage their files and make them genuinely unrecoverable.

Sidling Out of the Petrifying Gaze of a Trojan

File-locking Trojans can get their victims by distributing themselves as torrents or attaching to e-mail messages, both of which give users the opportunity to reject the unsafe content outright. Malware experts also are finding many Trojans with encryption payloads like the MedusaLocker Ransomware's using manual distribution, in which threat actors gain remote access to the target machine and drop the threat. Non-secure RDP features and login credentials for network admins have close links to such incidents.

Samples of the MedusaLocker Ransomware are imitating the Windows 'svchost' process, but do so with the name of 'svchostt.exe.' Apparent typos in the names of system-critical processes are symptoms of threatening software that's disguising itself while maintaining persistence. Users can periodically scan the processes in memory to determine the safety of all active programs, and avoid infection vectors such as macros in e-mail attachments.
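
The 'svchostt.exe' disguise described above can be checked for mechanically by comparing running process names against the names of system processes. The following Python code is an added example, not part of the original article: it generalizes from 'svchost' to a short list of Windows system process names, and that list, the distance threshold, and the sample process names are assumptions constructed for illustration.

```python
# Added example: flag process names that are near-misses of Windows system
# process names (such as 'svchostt.exe' versus 'svchost.exe').
# SYSTEM_NAMES is an assumed, non-exhaustive list; SAMPLE is constructed data.

SYSTEM_NAMES = ["svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "explorer.exe", "smss.exe"]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute ca -> cb
        prev = cur
    return prev[-1]


def find_lookalikes(process_names, max_distance=1):
    """Return (observed, imitated, distance) for names that are close to,
    but not equal to, a system process name. Comparison is case-insensitive
    because Windows file names are."""
    hits = []
    for name in process_names:
        lowered = name.lower()
        if lowered in SYSTEM_NAMES:
            continue  # exact name: verify image path and signature separately
        for legit in SYSTEM_NAMES:
            d = edit_distance(lowered, legit)
            if d <= max_distance:
                hits.append((name, legit, d))
                break
    return hits


# Constructed sample of running process names (not real telemetry).
SAMPLE = ["svchost.exe", "svchostt.exe", "chrome.exe", "Lsass.exe",
          "1sass.exe", "notepad.exe", "csrs.exe"]

if __name__ == "__main__":
    for observed, legit, d in find_lookalikes(SAMPLE):
        print(f"{observed!r} imitates {legit!r} (edit distance {d})")
```

A name match alone does not clear a process: a file using the exact system name from an unexpected folder needs a separate path and signature check.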

What the MedusaLocker Ransomware looks like and what it is are two different things. The cures to Trojan attacks, on a technical level, aren't always what they seem, but it's still best to avoid the circumstance that's endangering your computer from the start.
