…Now they just lock up device, hope you pay

Quote

Malware slingers have gone back to basics with the release of a new strain of ransomware malware that locks up compromised devices without encrypting files.

The infection was discovered on a porn site that redirects users to an exploit kit that pushes the ransom locker malware. Researchers at Cyphort Labs who discovered the threat said it was the first of its kind that they had seen in some time.

The success of file-encrypting ransomware such as CryptoLocker, CryptoWall, Locky has rendered earlier system locker malware unfashionable if not obsolete. Ransom lockers can be normally be cleaned by using “rescue discs”, unlike file-scrambling malware strains.

The latest strain represents an advancement of ransom locker malware as it is using Tor to communicate to its command and control servers. The Windows nasty prevents users from booting in safe mode.

“Also, while the attacker got your machine kidnapped, they created a Tor hidden service that allows the attacker to utilise your system for bitcoin payments or other malicious activity,” Kimayong added.