
WINDOWS LOCKER RANSOMWARE

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

A new ransomware strain called 'Windows Locker' has been identified, targeting victims by encrypting files and appending the .winlocker extension. Upon infection, it drops a ransom note named Readme.txt with instructions for contacting the attacker. Written in .NET, this sophisticated malware modifies registry keys for persistence, deletes shadow copies, and disables system defenses. It employs AES encryption with a 256-bit key, creates autorun entries, replicates onto removable drives, and disables Windows Defender and Task Manager. The ransomware generates a unique identifier for infected systems, retrieves the local IP address, and includes personalized details in the ransom note. It also modifies the desktop background as part of its psychological impact.

OPENCTI LABELS:

ransomware, windows locker

