MalwareHunterTeam has discovered a new piece of malware called StalinLocker, or StalinScreamer, which gives you 10 minutes to enter a code and otherwise tries to delete the contents of your hard drives.
The new malware appears to be in its early stages and is expected to be developed further by its makers. When activated, it displays a screen showing Stalin while playing the anthem of the USSR. A countdown is also displayed on the screen, counting the time you have left to enter a correct code. If that code is not entered, the malware tries to wipe all of your system's hard drives.
Specifically, when activated, StalinLocker performs the following actions:
1. Extracts the "USSR_Anthem.mp3" audio file to the %UserProfile%\AppData\Local folder and plays it. It is the anthem as heard in this video on YouTube, but in much worse quality.
2. Copies itself to %UserProfile%\AppData\Local\stalin.exe and creates an autorun called "Stalin", which starts the screenlocker/wiper when the user logs on to the computer.
3. Creates the file %UserProfile%\AppData\Local\fl.dat, which holds the remaining time in seconds divided by 3. So every time the program is started, the countdown is significantly shorter.
4. Tries to end the processes that are already running.
5. Terminates Explorer.exe and taskmgr.exe.
6. Tries to create a scheduled task called "driver Update" to start Stalin.exe. This part of the code has bugs.
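
A triage check for the artifacts listed above, as an added example that is not part of the original article: it scans each profile's AppData\Local folder for the three file names and looks for the scheduled task name in the text output of `schtasks /query /fo csv /nh`. The function names, the `C:\Users` default and the layout of the profile folders are assumptions.

```python
import csv
import io
from pathlib import Path

# Indicators taken from the article text (compared in lower case).
ARTIFACT_FILES = {"ussr_anthem.mp3", "stalin.exe", "fl.dat"}
TASK_NAME = "driver update"


def scan_profiles(users_root):
    """Return {profile name: sorted artifact names} for every profile whose
    AppData\\Local folder holds at least one of the files the article lists."""
    hits = {}
    for profile in sorted(Path(users_root).iterdir()):
        local = profile / "AppData" / "Local"
        if not local.is_dir():
            continue
        # Compare lower-cased names: NTFS is case-insensitive, but a forensic
        # image mounted on Linux is not.
        found = sorted(p.name for p in local.iterdir()
                       if p.is_file() and p.name.lower() in ARTIFACT_FILES)
        if found:
            hits[profile.name] = found
    return hits


def suspicious_tasks(schtasks_csv):
    """Pick the 'driver Update' task out of `schtasks /query /fo csv /nh` text."""
    names = []
    for row in csv.reader(io.StringIO(schtasks_csv)):
        # First column is the task path, e.g. \Folder\Name; match the leaf only.
        if row and row[0].rsplit("\\", 1)[-1].strip().lower() == TASK_NAME:
            names.append(row[0])
    return names


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\Users"
    for user, files in scan_profiles(root).items():
        print(f"{user}: {', '.join(files)}")
```

A hit on the file names alone is a lead to investigate, not proof, since names such as fl.dat can belong to unrelated software.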
StalinLocker then shows the lock screen seen in the photo at the beginning of this article, which contains a 10-minute countdown to the moment your files are deleted unless you enter a code. According to MalwareHunterTeam, this code is essentially the number obtained by subtracting the date 1922-12-30 from the date on which the program is run. If the user enters the correct code, the wiper will delete the autorun.
On the other hand, if the code is not entered before the countdown reaches zero, the screenlocker will try to delete all files on every drive letter on the computer. This is achieved by going through all drive letters from A to Z and deleting the files on those that are accessible, as shown below.
This malware appears to be still in development, but fortunately most security vendors already detect it and have updated their respective programs.