BlackBerry Researchers Discover New Ransomware Family that Targets Windows Systems

Colin Thierry
Colin Thierry Writer
Colin Thierry Colin Thierry Writer

Security researchers at BlackBerry have identified a new Ransomware-as-a-Service (RaaS) family on March 16 and traced it back to its alleged beta stage release.

The strain, called LokiLocker, encrypts victims’ files, renders compromised systems unusable, and demands a ransom to restore access. The malicious service also tries to shake off unwanted attention by framing Iranian threat actors.

LokiLocker was first spotted on the web last August, targeting Windows PCs of English-speakers.

“LokiLocker encrypts victim’s files on local drives and network shares with a standard combination of AES for file encryption and RSA for key protection,” according to BlackBerry’s security advisory. “It then asks the victim to email the attackers to obtain instructions on how to pay the ransom.”

So far, LokiLocker seems to have the same encryption capabilities as many other known ransomware strains. However, threat actors can also configure it to wipe all non-system files and overwrite the MBR, thus making the system unusable.

“LokiLocker also boasts an optional wiper functionality — if the victim doesn’t pay up in the timeframe specified by the attacker, all non-system files will be deleted and the MBR overwritten, wiping all the victim’s files and rendering the system unusable. With a single stroke, everyone loses,” according to the advisory.

Reportedly, LokiLocker could be programmed to exclude certain countries from encryption and wiping, but further research found only Iran on the list of exceptions. Additionally, the exception rule hasn’t even been implemented, leading experts to believe that the references to Iranian threat actors might be a diversion to avoid unwanted attention.

At the moment, no free tool to decrypt content ciphered by LokiLocker exists.

About the Author

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.

Leave a Comment