A new variant of ransomware lies dormant until triggered by an activation date, as described below.


Dubbed Locker, this ‘sleeper’ ransomware had lain dormant on infected devices until those behind the scam activated it earlier this week. A new strain of ransomware that had lain dormant on infected devices suddenly “woke up” at midnight on Monday, May 25, security firm KnowBe4 said in an alert issued today.

Ransomware encrypts all the files on the devices it infects and demands a ransom payment in exchange for the decryption key to give the content back to the original owner. This new strain of malware, dubbed Locker, is “very similar to CryptoLocker,” the first successful modern form of ransomware that was released in late 2013 and was thwarted last year. Locker is a “sleeper” strain of malware, meaning that victims may have unintentionally downloaded it earlier, but that their devices were not encrypted until the ransomware was activated earlier this week.

PC help site Bleeping Computer has seen hundreds of reported Locker victims worldwide already, and believes it has a large installed base, KnowBe4 said in its alert. Sjouwerman says some reports indicate that the ransomware could have originated in a “compromised MineCraft installer.” Once Locker encrypts an infected device’s files, it issues a warning against users and IT professionals who might try to find another way around paying the ransom:

KnowBe4 said Locker demands a relatively small ransom payment, 0.1 bitcoin, which currently costs $23.75 (bitcoin’s value fluctuates constantly, but it was at about $237.47 for one bitcoin at the time this was written). Most ransomware attacks demand a payment of about $500 from all victims, suggesting that Locker is designed to make it easier for more victims to pay.

The notice that Locker issues promises that it will decrypt files in exchange for payment. “If the payment is confirmed the decryption key will be send [sic] to your computer and the Locker software will automatically start the decrypting process,” the notice reads. “We have absolutely no interest in keeping your files encrypted forever.” Most ransomware campaigns stick to this promise to ensure that victims will pay the fee. Ransomware perpetrators know that if people don’t receive their files in exchange for the payments, word will get out to the public and no victims of ransomware will pay in the future.