Trojan.Ransomlock.R
Posted: October 1, 2012
| Field | Value |
|---|---|
| Threat Level | 9/10 |
| Infected PCs | 14 |
| First Seen | October 1, 2012 |
| OS(es) Affected | Windows |
Trojan.Ransomlock.R is one of many members of the Ransomlock family, a collective of Police Ransomware Trojans that display fake legal warnings and lock your computer – all in an effort to make you transfer money to criminals. Trojan.Ransomlock.R in particular is associated with Police Trojans related to Europe (like the Police Central e-crime Unit (PCEU) Ransomware or the Metropolitan Police Ukash Virus) but may use different pop-up warnings, according to the IP address of the infected computer. Despite presenting itself as a digital arm of the law, SpywareRemove.com malware researchers emphasize that Trojan.Ransomlock.R is illegal and never should be paid.
Trojan.Ransomlock.R: Using the Fake Law to Commit Crimes Against Your PC
All members of the Ransomlock family analyzed by SpywareRemove.com malware researchers thus far have attempted to disguise themselves as messages from a local police agency, with Trojan.Ransomlock.R proving to be a follower of this general rule. Some other members of Trojan.Ransomlock.R's family include Trojan.Ransomlock.G, Trojan.Ransomlock!gen4 and Trojan.Ransomlock.H, all of which can be detected through their typical screen-wide pop-up warnings.
Through references to the London police, the Police Central E-Crime Unit and similar organizations, Trojan.Ransomlock.R attempts to convince any victims that its pop-up warnings are real legal alerts from the authorities. Unlike a real law-enforcing program, Trojan.Ransomlock.R doesn't display its alert only in appropriate circumstances; SpywareRemove.com malware researchers have noted that Trojan.Ransomlock.R's alert will display even for computers that aren't guilty of the criminal activities described in its text.
Along with making general accusations regarding crimes like viewing child pornography or downloading copyright-protected media, Trojan.Ransomlock.R also will prevent you from using Windows or any major Windows programs. Trojan.Ransomlock.R claims to unlock your computer after the appropriate fine is paid, but SpywareRemove.com malware experts haven't found any sign of a legitimate system-unlocking function from Trojan.Ransomlock.R and don't recommend paying its ransom.
The Right Way to Escape Detainment by a Trojan.Ransomlock.R Infection
Because attacks by Trojan.Ransomlock.R always lock you out of Windows and block any obvious means of ridding yourself of its pop-up, disabling Trojan.Ransomlock.R is the most important step in disinfecting your PC. However, SpywareRemove.com malware experts stress that this doesn't mean paying Trojan.Ransomlock.R's ransom but, instead, booting your computer from an uninfected source – such as any easily-accessible USB drive. This will allow you to access your computer and use anti-malware products as necessary to remove Trojan.Ransomlock.R.
Trojan.Ransomlock.R and other Ransomlock-based Police Trojans usually don't include self-distributing features. Therefore, you should be aware of the likelihood of any Trojan.Ransomlock.R infection also including other PC threats, such as Trojan downloaders, that may cause additional issues. Anti-malware scans from the appropriate environment, as described above, should be sufficient for removing Trojan.Ransomlock.R and any other PC threats that might have installed Trojan.Ransomlock.R initially. Trojan.Ransomlock.R infection vectors often include drive-by-download scripts from malicious or compromised websites, and may not display any symptoms – at least, not until you start seeing Trojan.Ransomlock.R's pop-up.
Technical Details
Registry Modifications
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"(Default)" = "%CurrentFolder%\[RANDOM FILE NAME]"
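As an added example (not SpywareRemove.com's or SpyHunter's code), the check below reads a `.reg` export of a user hive and flags any Run key whose (Default) value is populated, which is the autostart entry listed above. The sample export, the `HKEY_USERS\Offline` mount name and the function names are constructed for illustration; the key is matched by its path suffix so the check works on a hive loaded from a clean boot environment as well as on a live `HKEY_CURRENT_USER`.

```python
import re

# Path suffix of the autostart key named on this page, matched case-insensitively.
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"

# Constructed sample of a .reg export (not taken from a real infection).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\Offline\Software\Microsoft\Windows\CurrentVersion\Run]
@="C:\\Users\\alice\\AppData\\Roaming\\qzxvbn.exe"
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"

[HKEY_USERS\Offline\Software\Microsoft\Windows\CurrentVersion\RunOnce]
@=""

[HKEY_USERS\Offline\Software\Example]
@="not an autostart key"
'''


def _unescape(value):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r'\\(["\\])', r"\1", value)


def find_default_run_values(reg_text):
    """Return (key, data) for every Run key whose (Default) value is non-empty."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # remember which key the following values belong to
            continue
        # '@' is how a .reg file names a key's (Default) value.
        m = re.fullmatch(r"@=(.+)", line)
        if not (m and key and key.lower().endswith(RUN_SUFFIX)):
            continue
        quoted = re.fullmatch(r'"(.*)"', m.group(1))
        # String data is unescaped; other types (e.g. hex(2):...) are kept raw.
        data = _unescape(quoted.group(1)) if quoted else m.group(1)
        if data:
            hits.append((key, data))
    return hits


if __name__ == "__main__":
    for key, data in find_default_run_values(SAMPLE_REG):
        print(f"populated (Default) autostart in {key}: {data}")
```

Named values such as the `OneDrive` entry are ignored on purpose: the indicator on this page is the unnamed (Default) value, which legitimate software rarely sets under a Run key.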