StalinLocker: New malware deletes your files unless you enter the correct password

A new piece of malware called StalinLocker, or StalinScreamer, was discovered by MalwareHunterTeam. It gives you 10 minutes to enter a password; otherwise it tries to delete the contents of your hard drives.

The new malware appears to be in its early stages and is expected to be developed further by its makers. When activated, it displays a screensaver showing Stalin while playing the anthem of the USSR. A countdown is also displayed on the screen, counting the time you have left to enter a correct code. If that code is not entered, the malware tries to wipe all the hard drives on your system.

Specifically, when activated StalinLocker will perform the following actions:

1. Extracts the “USSR_Anthem.mp3” audio file to the %UserProfile%\AppData\Local folder and plays it. It is the anthem, the same as it sounds in this video on YouTube, but with much worse quality.
2. Copies itself to %UserProfile%\AppData\Local\stalin.exe and creates an autorun file called "Stalin", which starts the screenlocker/wiper when the user logs on to the computer.
3. Creates the file %UserProfile%\AppData\Local\fl.dat, which holds the remaining time in seconds divided by 3. So every time the program is started, the countdown is significantly shorter.
4. Tries to end the processes that are already running.
5. Terminates Explorer.exe and taskmgr.exe.
6. Tries to create a scheduled task called “ Update” (driver update) to launch Stalin.exe. This part of the he's got .
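
A host triage sketch for the artifacts in the list above, written in PowerShell as an added example (it is not from the original article or from MalwareHunterTeam). The three file names come from the list; the Run keys and Startup folders checked for the "Stalin" autorun are assumptions, because the article does not say where that autorun is stored.

```powershell
# Added triage sketch: looks for the StalinLocker artifacts named in the list above.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Kind, $Where) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Location = $Where })
}

# 1. Dropped files, checked in every local profile, not only the current one.
$names = 'USSR_Anthem.mp3', 'stalin.exe', 'fl.dat'
$profilesRoot = Split-Path -Parent $env:USERPROFILE
foreach ($p in Get-ChildItem -Path $profilesRoot -Directory -Force -ErrorAction SilentlyContinue) {
    foreach ($n in $names) {
        $path = Join-Path $p.FullName "AppData\Local\$n"
        if (Test-Path -LiteralPath $path -PathType Leaf) { Add-Finding 'File' $path }
    }
}

# 2. Autorun named "Stalin". ASSUMED locations: Run keys of the machine hive and of
#    every loaded user hive, plus per-user Startup folders.
$runKeys = 'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run',
           'Registry::HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in Get-Item -Path $runKeys -ErrorAction SilentlyContinue) {
    if ($k.GetValueNames() -contains 'Stalin') {
        Add-Finding 'RunValue' ("{0} -> {1}" -f $k.Name, $k.GetValue('Stalin'))
    }
}
$startup = Join-Path $profilesRoot '*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stalin*'
Get-ChildItem -Path $startup -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Add-Finding 'StartupItem' $_.FullName }

# 3. Scheduled tasks whose action launches stalin.exe. The match is on the action,
#    not on the task name, so a renamed task is still reported.
foreach ($t in Get-ScheduledTask -ErrorAction SilentlyContinue) {
    foreach ($a in $t.Actions) {
        if ("$($a.Execute) $($a.Arguments)" -match 'stalin\.exe') {
            Add-Finding 'ScheduledTask' ($t.TaskPath + $t.TaskName)
        }
    }
}

if ($findings.Count) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No StalinLocker artifacts found.'
}
```

Run it from an elevated prompt so that other users' profile folders and the machine-wide task list are readable; hives of users who are not logged on are not loaded and are therefore not covered by the registry check.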

StalinLocker then shows the screen pictured at the beginning of this article, which contains a 10-minute countdown to the deletion of your files unless you enter a code. According to MalwareHunterTeam, this code is essentially the number you get if you subtract the current … of the program up to the date 1922-12-30. If the user enters the correct code, the wiper will delete the autorun.

On the other hand, if the code is not entered before the countdown reaches zero, the screenlocker will try to delete all files on every drive letter on the computer. It does this by going through all the drive letters from A to Z and deleting the files on those that are accessible, as shown below.

This malware appears to still be in development, but fortunately, most security vendors have detected it and updated their respective programs.

Written by Dimitris
