Blog

Ranstop blocks ScammerLocker ransomware

Test subject ScammerLocker (Jodis) ransomware

Based on the well known and publicly available HiddenTear ransomware code, ScammerLocker is relatively simple but highly efficient ransomware. HiddenTear is continuously improved, and because it is opensource, we should expect new variants to appear. Other variants of HiddenTear include Oxar, May, Krypton, MoWare, Franzi or Ultimo.  Distribution channels differ with each variant/version, and often attacking vectors are also changed, but usually, they are spread using email campaigns and hacked/compromised websites. The executables are in most cases silent (they run in the background) and concealed as well known files, like Microsoft Office or Adobe PDF files, tricking users into opening them. Social engineering is in most cases also involved.

ScammerLocker ransomware test facts

The attack starts immediately as the malware is opened.  Files located on the Desktop are the first victims, continuing with other widely used user folders like “Documents”, “Pictures” or “Videos”. These files are easily recognizable by their new extension, “jodis.” At this time, ScammerLocker requests a tiny amount of money (compared to other ransomware) to recover the files, approx. $12 (10 IOTA), but this could change in the future. Many people will find the offer attractive, and they are likely to pay the ransom. This approach is different from other ransomware, which usually requests a few hundred dollars (in cryptocurrency). Often the developers offer the possibility to negotiate exactly because the prices are generally high. Obviously, we will never recommend getting in touch with the cybercriminals in any way, not just because the possibility to recover the files (even if the ransom is paid) is low, but also because they might use your identification data for other illegal/annoying purposes. Unfortunately, at the time of this research, there is no other way to even hope for recovering corrupted files.

ScammerLocker ransomware test results

TEMASOFT Ranstop detects ScammerLocker ransomware very soon after it starts encrypting files. When Ranstop detects the threat, the user is alerted, and the rogue process is stopped and quarantined. The affected files are automatically restored so that the user doesn’t lose any valuable document.


Click here to watch TEMASOFT Ranstop blocking ScammerLocker ransomware (video)!

Learn how to protect against ransomware!

About TEMASOFT Ranstop

TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.

For more information, follow us on social media and subscribe to our newsletter.

This post was last modified on August 21, 2023 7:26 am

FM Team

Share
Published by
FM Team

Recent Posts

The Role of File Monitoring Solutions in Maintaining File Integrity

In the digital world, information is often stored and transferred through files. From the most…

May 12, 2023

Guide to Conducting an Efficient File Access Permissions Audit for Admins and Technology Managers

Introduction Data security is more important than ever in today's fast-paced digital world. One critical…

April 9, 2023

File Integrity Monitoring: What It Is and Why It Matters

Introduction: Cyber threats are a growing concern for businesses and individuals alike. With the increasing…

March 5, 2023

Monitoring Essential Microsoft IIS Server Configuration Files for Enhanced Security

Microsoft Internet Information Services (IIS) is a popular web server that is widely used to…

February 25, 2023

Tracking file changes helps admins solve server configuration problems

File tracking is an important aspect of server administration, and it can help administrators detect…

February 1, 2023

Three reasons why admins should use file monitoring solutions

File monitoring solutions are essential tools for administrators to manage and protect their organizations' data…

January 6, 2023