Sunday, March 27, 2022

NEW RANSOMWARE detected! LokiLocker could originate from Iran!

 


New Ransomware LokiLocker!!! 

BlackBerry Threat Intelligence has reported that a new Ransomware-as-a-Service program called LokiLocker has been identified! 😱

LokiLocker is new ransomware targeting victims who use Windows OS. It encrypts files and will render a machine unusable if the victim does not pay in time. It also seems that LokiLocker is developed by an Iranian group called AccountCrack, and at least three of the known LokiLocker users use usernames that are only found on Iranian hacking channels. LokiLocker should not be mistaken for Locky or LokiBot, as it is a NEW ransomware program!



LokiLocker config source code 

LokiLocker malware appears to be written in .NET and protected with NETGuard using an additional virtualization plugin called KoiVM. The ransomware encrypts the victim's files on local drives and network shares with a standard combination of AES for file encryption and RSA for key protection. It then asks the victim to email the attackers to find out how to pay the ransom. LokiLocker also has wiper functionality: if the victim does not pay, all non-system files will be deleted and the MBR overwritten, wiping all of the victim's files and rendering the system unusable!


Could LokiLocker have been developed by Iran?? 

LokiLocker appears to work as a service that is sold to a small number of hackers. It is not yet clear whether this means they originate from Iran or not, but all evidence seen so far points to the corrupt regime!
