
MegaLocker Ransomware

Posted: March 18, 2019

The MegaLocker Ransomware is a file-locking Trojan of no known family that encrypts your media with an AES algorithm and creates text messages demanding ransoms for an unlocker. The MegaLocker Ransomware's campaign is targeting websites through unknown infection methods that could include spam e-mails, software vulnerabilities or cracking weak admin logins. Admins can use strong passwords and similar security steps to counteract any infection methods, anti-malware tools to remove the MegaLocker Ransomware, and backups to recover their websites' contents.

Your Website might Be Getting Mega-Locked

File-locker Trojans tend to have ancestral lines that tie them back to old, well-known Trojans like Utku Sen's Hidden Tear, the far-ranging Globe Ransomware, the Scarab Ransomware's half-Russian family, and similar entities. A minority of these threats are independent, however, which can make it harder to identify them or to find an appropriate unlocking solution that reverses their damage. The MegaLocker Ransomware is one of these 'lone wolf' Trojans, with a campaign that malware analysts are noting for activity in the wild.

The MegaLocker Ransomware's most immediate attacks are targeting websites after compromising their admin accounts. Besides the data-locking danger that its AES-128 encryption poses to traditional media (documents, pictures, etc.), the MegaLocker Ransomware targets other file types that are critical to site infrastructure, such as indexes. Although users can search for the MegaLocker Ransomware's 'crypted' extension to identify the blocked data, this may be redundant, since most formats should be unusable.
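
The extension search described above can double as a damage inventory for planning a restore from backup. The following is an added example, not code from the original article or from any vendor tool. It assumes that '.crypted' is appended as the final suffix, that "indexes" means index.* files, and that file modification times reflect when the files were locked; the sample tree and its timestamps are constructed.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

LOCKED_SUFFIX = ".crypted"  # extension named in the article; assumed to be appended last
INDEX_STEMS = {"index"}     # assumption: the "indexes" it mentions are index.* files


def triage(web_root):
    """Summarise locked files under web_root to size up a restore from backup."""
    locked, index_files, mtimes, by_type = [], [], [], Counter()
    for dirpath, _dirs, names in os.walk(web_root):  # does not follow symlinked dirs
        for name in names:
            if not name.lower().endswith(LOCKED_SUFFIX):
                continue
            path = os.path.join(dirpath, name)
            # Strip the locked suffix to recover the original name and type.
            stem, ext = os.path.splitext(name[: -len(LOCKED_SUFFIX)])
            by_type[ext.lower() or "(none)"] += 1
            if stem.lower() in INDEX_STEMS:
                index_files.append(path)
            mtimes.append(int(os.lstat(path).st_mtime))  # lstat: never follow links
            locked.append(path)
    window = (min(mtimes), max(mtimes)) if mtimes else None
    return {"locked": sorted(locked), "by_type": dict(by_type),
            "index_files": sorted(index_files), "mtime_window": window}


def build_sample(root):
    """Create a constructed sample tree: three locked files and one untouched file."""
    sample = {"index.php.crypted": 1552900000, "img/logo.png.crypted": 1552900060,
              "docs/report.pdf.crypted": 1552900120, "robots.txt": 1500000000}
    for rel, mtime in sample.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample data")
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        report = triage(root)
        print(len(report["locked"]), "locked files by original type:", report["by_type"])
        print("site-critical index files locked:", report["index_files"])
        first, last = (datetime.fromtimestamp(t, timezone.utc) for t in report["mtime_window"])
        print("use a backup taken before", first, "| last locked file written at", last)
```

Run it against a read-only copy or snapshot of the web root rather than the live server, so the inventory itself does not alter timestamps or other evidence.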

The MegaLocker Ransomware includes a highly visible ransom note in a text file that, like the Trojan itself, is unique and doesn't use instructions that malware analysts can trace back to any similar campaigns. It includes a sample decryptor for up to three files for free, different ransom prices for businesses versus individuals, and an ID-based payment system that deals in Bitcoins. Paying this ransom might or might not get the victim an unlocking service, and, as a precaution, malware researchers recommend having backups to protect your files and site.

Keeping Your Site out of the Ransoming Business

The MegaLocker Ransomware's campaign shows some connections to targeting Portuguese ISP customers and infrastructure associated with Apache on Linux systems, but it could be operable under other conditions. Some of the standard defenses that malware experts advise all website admins to consider against MegaLocker Ransomware infections include:

  • Closing ports that aren't in use and maintaining an appropriate configuration for your firewall will help reduce susceptibility to port-scanning attacks, through which criminals could gain a foothold on your server.
  • Using strictly secure passwords without default factory values will keep brute-force attacks from succeeding at cracking admin accounts' logins.
  • Updating the software for your website infrastructure, especially free options like WordPress, will reduce the vulnerabilities that a remote attacker might use to his benefit.

Most anti-malware brands are experiencing issues with detecting this threat, and malware experts urge users to update their security solutions regularly as routine maintenance. Once it's identifiable, removing the MegaLocker Ransomware should be possible with a majority of anti-malware products, but they can't decrypt or unlock any files.

Malware analysts haven't yet rated the MegaLocker Ransomware's attack as being perfectly secure, and a free decryptor could be published in the future. However, website admins shouldn't depend on a potential haven for their sites when they can have a more guaranteed one with the help of long-since-standardized security and backup practices.
