StalinLocker: New malware deletes your files unless you enter the correct password

A new malware called StalinLocker or StalinScreamer, discovered by MalwareHunterTeam, gives you 10 minutes to enter a code; otherwise it tries to erase the contents of the hard drives on your computer.

The new malware seems to be in its infancy and is expected to be further developed by its authors. When activated, it displays a screen showing Stalin while playing the USSR anthem. The screen also shows a countdown of the time you have left to enter the correct code. If this code is not given, the malware will try to delete the contents of all the hard drives in your system.

Specifically, when activated StalinLocker will perform the following actions:

1. Extracts the "USSR_Anthem.mp3" audio file to the %UserProfile%\AppData\Local folder and plays it. It is the anthem, the same as it sounds in this video on YouTube, but with much worse quality.
2. Copies itself to %UserProfile%\AppData\Local\stalin.exe and creates an autorun called "Stalin", which starts the screenlocker / wiper when the user logs on to the computer.
3. Creates the file %UserProfile%\AppData\Local\fl.dat, which holds the remaining time in seconds divided by 3. So every time you start the program, the countdown is significantly smaller.
4. Tries to end the processes that are already running.
5. Terminates Explorer.exe and taskmgr.exe.
6. Tries to create a scheduled task called “ Update” (Program update) to launch Stalin.exe. This part of the code has errors.

StalinLocker will then display the lock screen shown in the photo at the beginning of this article, which contains a 10-minute countdown of the time left until your files are deleted unless you enter a code. According to MalwareHunterTeam, this code is essentially the number obtained by subtracting 1922-12-30 from the date on which the program is run. If the user enters the correct password, the wiper will delete the autorun.

On the other hand, if the code is not entered before the countdown reaches zero, the screenlocker will try to delete all the files on every drive letter on the computer. It does this by iterating over all drive letters from A to Z and deleting the contents of those that are accessible, as shown below.

This malware appears to be under development, but fortunately most vendors have detected it and updated their respective programs.
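A triage check for the artifacts listed above, as an added example that is not part of the original article: it looks in a user profile (live, or from a mounted disk image) for the three file names and, on a live Windows host, for a Run value named "Stalin". The per-user Run key location and the ASCII-digit format of fl.dat are assumptions, and the function names are this example's own.

```python
import sys
from pathlib import Path

# File names from the article; all are written to %UserProfile%\AppData\Local.
ARTIFACTS = ("stalin.exe", "fl.dat", "USSR_Anthem.mp3")
# Assumption: the "Stalin" autorun is a per-user Run value (the article does not say).
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

def scan_profile(profile):
    """Map artifact name -> path for files found in <profile>/AppData/Local."""
    local = Path(profile) / "AppData" / "Local"
    if not local.is_dir():
        return {}
    wanted = {name.lower(): name for name in ARTIFACTS}  # Windows names are case-insensitive
    return {wanted[p.name.lower()]: p for p in local.iterdir()
            if p.name.lower() in wanted and p.is_file()}

def read_countdown(fl_dat):
    """Stored countdown value; assumes ASCII digits, returns None otherwise."""
    try:
        return int(Path(fl_dat).read_bytes()[:32].decode("ascii").strip())
    except (OSError, ValueError):
        return None

def autorun_present(value_name="Stalin"):
    """Live Windows only: is there a Run value with the article's autorun name?"""
    if sys.platform != "win32":
        return False
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
            winreg.QueryValueEx(key, value_name)
        return True
    except OSError:
        return False

def triage(profile):
    """Collect every indicator for one profile into a single report dict."""
    found = scan_profile(profile)
    report = {"files": sorted(found), "autorun": autorun_present(),
              "countdown": read_countdown(found["fl.dat"]) if "fl.dat" in found else None}
    report["suspicious"] = bool(found) or report["autorun"]
    return report

if __name__ == "__main__":
    # Pass a profile directory, or scan the current user's profile by default.
    print(triage(sys.argv[1] if len(sys.argv) > 1 else Path.home()))
```

A hit on any of the file names is only a lead: confirm it against your endpoint product's detection before acting on it.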

iGuRu.gr The Best Technology Site in Greece

Written by Dimitris