MotoxLocker Ransomware
Posted: September 23, 2016
Threat Metric
Threat Level: 2/10
Infected PCs: 94
First Seen: September 23, 2016
OS(es) Affected: Windows
The MotoxLocker Ransomware is an encryption Trojan whose code is based on the DetoxCrypto Ransomware family. Besides leaving files unusable in its attempt to hold your PC's data for ransom, the MotoxLocker Ransomware's primary symptom is a desktop-hijacking feature that replaces your Windows background with its extortion demands. Victims should use other recovery methods as noted in this article, including anti-malware tools that can delete the MotoxLocker Ransomware and prevent any additional data-encrypting attacks.
A Fresh Trojan Cleansing Your Files of Your Ownership
Some threat business models last longer than others, and many of the most long-lived threats of the current year are the output of Trojan-building toolkits that malware authors offer to third-party con artists. One such family worth examining is the DetoxCrypto Ransomware, which, early on, gained some media attention for using Pokemon-themed ransom attacks. New versions of this threat, like the MotoxLocker Ransomware, drop this strong theme in favor of a direct approach.
The MotoxLocker Ransomware is currently being deployed in a campaign targeting Croatian-speaking victims. The installation file is disguised as an ordinary PDF document, which makes e-mail spam a likely distribution method for the MotoxLocker Ransomware. Once launched, the fake PDF installs the MotoxLocker Ransomware in the guise of a fake Trend Micro application. The MotoxLocker Ransomware then scans your PC for files to encrypt with AES and, afterward, hijacks the victim's desktop with its ransom instructions.
Malware experts noted several ways in which the MotoxLocker Ransomware differs from other well-known file-encrypting Trojans, all of them symptoms that are absent. Symptoms missing from the MotoxLocker Ransomware include:
- The MotoxLocker Ransomware does not rename any encrypted data or append a new extension to the file names. The encrypted content remains non-functional when the user tries to open it, as usual.
- The MotoxLocker Ransomware does not use any advanced HTML pop-up windows or try to lock your screen. The only extortion message left by the MotoxLocker Ransomware, demanding fifty Euros in exchange for a decryptor and 'protection from similar invasions,' is embedded in the image it sets to your desktop background.
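Because the encrypted files keep their original names, a check keyed on renamed files or new extensions finds nothing; the content has to be inspected instead. The following is an added example, not code from the original article or from any vendor tool: it flags files whose leading bytes no longer match their extension and whose content is high-entropy. It assumes the whole file, header included, is encrypted; the type table, threshold, and sample files are constructed for illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Leading bytes expected for a few common user-file types (assumed subset).
MAGIC = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".docx": (b"PK\x03\x04",),
    ".zip": (b"PK\x03\x04",),
}

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted_in_place(name: str, data: bytes, threshold: float = 7.0) -> bool:
    """True when a file kept its name but its content no longer fits the type."""
    expected = MAGIC.get(os.path.splitext(name)[1].lower())
    if expected is None or not data:
        return False  # unknown type or empty file: no basis for a verdict
    if data.startswith(expected):
        return False  # header intact; compressed formats are high-entropy anyway
    return shannon_entropy(data[:4096]) >= threshold

def constructed_ciphertext(size: int = 4096) -> bytes:
    """Constructed stand-in for AES output: SHA-256 blocks of a counter."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                   for i in range(size // 32 + 1))
    return out[:size]

def scan(files: dict) -> list:
    """Return the names, sorted, of files that look encrypted in place."""
    return sorted(n for n, d in files.items() if looks_encrypted_in_place(n, d))

# Constructed sample set: two healthy files, one mislabeled, one encrypted.
SAMPLES = {
    "report.pdf": b"%PDF-1.4\n" + b"stream data " * 200,
    "photo.jpg": b"\xff\xd8\xff\xe0" + constructed_ciphertext(2048),
    "notes.pdf": b"plain text saved with the wrong extension " * 50,
    "invoice.docx": constructed_ciphertext(),
}

if __name__ == "__main__":
    print(scan(SAMPLES))
```

Requiring both a header mismatch and high entropy keeps legitimately compressed formats and merely mislabeled text files out of the results.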
A Cyber-Toxin Cure that will not Cost You a Cent
MotoxLocker Ransomware attacks depend on victims manually launching threatening content without being aware of what they're doing. Simply scanning suspicious files before executing them could detect a MotoxLocker Ransomware installer. Casual PC users and operators of business PCs alike should be mindful of the increased activity surrounding e-mail infection vectors, with the corrupted attachments often utilizing relatively elaborate disguises, such as invoices customized for a single service or company.
Malware experts were able to confirm that, of the two variants of the MotoxLocker Ransomware known so far, at least one employs an insecure encryption key. PC owners who haven't stopped the MotoxLocker Ransomware with appropriate anti-malware protection may be able to restore their content by making inquiries within the PC security community about the proper decryption tools.
Even though the MotoxLocker Ransomware includes relatively amateurish mistakes in its encryption methodology, the persistence and highly targeted nature of the threat make it clear that PCs have more to fear from the increasingly numerous, sprouting branches of the DetoxCrypto Ransomware.
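A pre-execution check for an installer posing as a PDF can compare what the attachment's name claims with what its first bytes actually are. The following is an added example, not code from the original article: the article does not say how the disguise is built, so the checks below (an executable extension behind a .pdf name, and a PE header in a file named as a PDF) are assumptions, and the file names in the test data are constructed.

```python
import os

# File types Windows will execute on double-click (assumed, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def pdf_disguise_findings(filename: str, head: bytes) -> list:
    """Compare what an attachment's name claims with what its first bytes are.

    head is the first 1024 bytes of the file. Returns a list of findings;
    an empty list means name and content agree.
    """
    findings = []
    stem, ext = os.path.splitext(filename.strip().lower())
    # Extension hidden behind the real one, ignoring padding spaces and dots.
    inner_ext = os.path.splitext(stem.rstrip(" ."))[1]
    is_pe = head.startswith(b"MZ")            # DOS/PE executable signature
    has_pdf_header = b"%PDF-" in head[:1024]  # header of a genuine PDF

    if inner_ext == ".pdf" and ext in EXECUTABLE_EXTS:
        findings.append("executable extension behind a .pdf name")
    if is_pe and ".pdf" in (ext, inner_ext):
        findings.append("PE header in a file named as a PDF")
    if ext == ".pdf" and not has_pdf_header:
        findings.append("no %PDF- header in a .pdf file")
    return findings

def should_quarantine(filename: str, head: bytes) -> bool:
    """Hold the attachment for scanning when any finding is present."""
    return bool(pdf_disguise_findings(filename, head))

if __name__ == "__main__":
    # Constructed inputs: name plus the first bytes of the file.
    for name, head in [("invoice.pdf.exe", b"MZ\x90\x00"),
                       ("invoice.pdf", b"%PDF-1.4\n")]:
        print(name, pdf_disguise_findings(name, head))
```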