ZeroLocker: CryptoLocker successor wants $1,000


ZeroLocker, a new encryption Trojan in the style of CryptoLocker, is doing the rounds, as reported by Kaspersky and Panda, among others. The principle is the same: the Trojan infects a Windows system, encrypts the hard drive and prevents access. The data is supposed to be decrypted against payment of a ransom; in the case of ZeroLocker, $300 is demanded. If the victim hesitates with the payment, the amount demanded is gradually increased up to $1,000.


How ZeroLocker operates
Antivirus vendors detect ZeroLocker as Trj/Crypdef.A (Panda) or Trojan-Ransom.MSIL.Agent.uh (Kaspersky). Under "HKLM\SOFTWARE\Microsoft" it creates the registry key "ESENT\Process\(filename)\DEBUG", and it also copies itself into the folder "C:\ZeroLocker" under the name "ZeroRescue.exe". Under "HKCU\Software\Microsoft" it creates another registry entry in "Windows\CurrentVersion\Run", which ensures that ZeroLocker is executed at every Windows start.


ZeroLocker encrypts everything
ZeroLocker currently arrives on Windows PCs as, among other things, a fake update for Java, and it works thoroughly. The Trojan encrypts almost all files on the hard drive with 160-bit AES, which makes brute-force attacks on the encryption very costly. Files larger than 20 MB and the Windows and program directories are left out. The extension ".encrypt" is then appended to each file name. After encryption, ZeroLocker removes all file remnants and sends the encryption key, together with a checksum and the MAC address of the computer, to the command server. A Bitcoin wallet is hard-coded into ZeroLocker, but the Trojan tries to fetch a new wallet address from its command server.
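The persistence artifacts and the ".encrypt" extension described in the two sections above can be checked offline against a collected file listing and registry export. The following is an added example, not code from the original article or from any vendor. It assumes the folder is spelled C:\ZeroLocker; the function names, the input structures, the verdict labels and all sample values are constructed for illustration.

```python
import ntpath
import re

DROP_DIR = "c:\\zerolocker"                 # folder named in the article
DROP_EXE = DROP_DIR + "\\zerorescue.exe"    # the Trojan's copy of itself
ESENT_KEY = re.compile(                     # (filename) part varies per sample
    r"^(?:hklm|hkey_local_machine)\\software\\microsoft\\esent\\process\\([^\\]+)\\debug$", re.I)

def norm(path):
    """Lower-cased, unquoted, normalised Windows path for comparison."""
    return ntpath.normpath(path.strip().strip('"')).lower()

def triage(files, run_values, hklm_keys):
    """files: full paths; run_values: {name: command} from the HKCU Run key; hklm_keys: key paths."""
    paths = [norm(f) for f in files]
    found = {
        "dropped_copy": DROP_EXE in paths,
        "run_persistence": sorted(
            name for name, cmd in run_values.items()
            if cmd.strip().lstrip('"').lower().startswith(DROP_DIR + "\\")),
        "esent_debug": sorted(
            m.group(1) for m in map(ESENT_KEY.match, map(str.strip, hklm_keys))
            if m),
        "encrypted_files": sorted(p for p in paths if p.endswith(".encrypt")),
    }
    strong = found["dropped_copy"] or found["run_persistence"]
    weak = found["esent_debug"] or found["encrypted_files"]   # not conclusive alone
    found["verdict"] = "likely" if strong else "review" if weak else "no indicators"
    return found

# Constructed sample data, not taken from a real host.
SAMPLE_FILES = [
    r"C:\ZeroLocker\ZeroRescue.exe",
    r"C:\Users\alice\Documents\report.docx.encrypt",
    r"C:\Users\alice\Pictures\cat.jpg.encrypt",
    r"C:\Windows\System32\notepad.exe",
]
SAMPLE_RUN = {
    "updater": r'"C:\ZeroLocker\ZeroRescue.exe"',   # hypothetical value name
    "OneDrive": r"C:\Users\alice\AppData\Local\OneDrive\OneDrive.exe /background",
}
SAMPLE_KEYS = [
    r"HKLM\SOFTWARE\Microsoft\ESENT\Process\java_update\DEBUG",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion",
]

if __name__ == "__main__":
    print(triage(SAMPLE_FILES, SAMPLE_RUN, SAMPLE_KEYS))
```

The ESENT key and the ".encrypt" extension are treated as weaker signals here because the article gives only a "(filename)" placeholder for the key and the extension alone does not identify this family.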


ZeroLocker: Do not pay under any circumstances
With ransomware Trojans such as ZeroLocker, you should not pay under any circumstances. There are many reasons: first, it is not clear whether you will ever get a key to decrypt the data. Even if you do obtain a key, there is no guarantee that you can really decrypt the data with it. It is also very unlikely that the blackmailer will remove itself completely from your system, so the next extortion attempt is unlikely to be long in coming. With ZeroLocker there is another reason not to pay: the servers the Trojan contacts return error messages. Anyone who pays will therefore not receive a key in any case, because the technology behind the Trojan is not working.


Remove ZeroLocker
With CryptoLocker it took a long time until there was software that decrypts the files again. For ZeroLocker there is no such software yet, so it is currently not possible to decrypt the data. Nevertheless, all is not lost, because the variants of ZeroLocker that have appeared so far make a few mistakes; among other things, the Windows restore points are not deleted. You can therefore try to restore a working configuration. For individual files, the freeware ShadowExplorer helps. It is even more convenient if you already make regular backups with backup software such as True Image. Simply restore the last backup from before the ZeroLocker infection.


Protect against ZeroLocker
To avoid becoming infected with ZeroLocker in the first place, you should use up-to-date antivirus software. Windows and installed programs should also be kept up to date, to make entry points for the Trojan as unlikely as possible. The special tool CryptoPrevent specializes in blocking ransomware Trojans. In the freeware version you have to take care of software updates yourself, but when kept up to date the tool blocks all common extortion Trojans.
