BlackBerry Threat Intelligence has identified a new Ransomware-as-a-Service (RaaS) family, and tracked its lineage to its probable beta stage release. Like so many other strains of ransomware, LokiLocker encrypts your files and will render your machine unusable if you don't pay up in time. However, like its namesake god Loki, this threat seems to have a few subtle tricks up its sleeve - not least being a potential “false flag” tactic that points the finger at Iranian threat actors.

In Norse mythology, Loki was the consummate trickster who had the ability to shapeshift at will. One of the many hot-headed fire gods, Loki was an enemy to the other gods themselves, often entering their banquets uninvited and demanding their food and drink. LokiLocker is similarly insistent on acquiring that to which it has no legitimate claim.

LokiLocker is a relatively new ransomware family targeting English-speaking victims and Windows® PCs; the threat was first seen in the wild in mid-August 2021. It shouldn’t be confused with an older ransomware family called Locky, which was notorious in 2016, or LokiBot, which is an infostealer. It shares some similarities with the LockBit ransomware (registry values, ransom note filename), but it doesn't seem to be its direct descendant.

Like the god it is named after, LokiLocker enters the victim’s life uninvited and starts looking for property to purloin. The threat then encrypts their files, and demands they pay a monetary ransom to restore access.

... .NET and protected with NETGuard (modified ConfuserEX) using an additional virtualization plugin called KoiVM. KoiVM used to be a licensed commercial protector for .NET applications, but around 2018, its code was open-sourced (or possibly leaked), and it’s now publicly available on GitHub. Although Koi seems to be popular with hacking tools and cracks, we haven’t seen a lot of other malware using it to date.

LokiLocker encrypts victim’s files on local drives and network shares with a standard combination of AES for file encryption and RSA for key protection. It then asks the victim to email the attackers to obtain instructions on how to pay the ransom.

LokiLocker also boasts an optional wiper functionality – if the victim doesn’t pay up in the timeframe specified by the attacker, all non-system files will be deleted and the MBR overwritten, wiping all the victim’s files and rendering the system unusable.