StalinLocker Ransomware

A new, sophisticated screenlocker/ransomware has been detected that gives you only 10 minutes to enter a code; otherwise it locks your screen and starts wiping data on your PC.

It displays a screen that shows Stalin while playing the USSR anthem and displaying a countdown until files are deleted.

StalinLocker may land on computers via phishing emails and corrupted updates to browser plugins like Adobe Flash and Java. StalinLocker is a severe threat to PC users because it is designed to wipe data securely if the victim fails to enter a “disarm code” in the Stalin Screen Lock window. Once the StalinLocker Wiper is on the computer, it loads ‘C:\Users\\AppData\Local\stalin.exe’, which covers the screen completely with a program window. As the name implies, the Screen Lock window includes a Photoshopped photo of Josef Stalin after he was appointed as the acting political and military leader of the Soviet Union (USSR). Additionally, it plays an MP3 file from ‘C:\Users\\AppData\Local\USSR_Anthem.mp3’.

The Screen Lock message presented to users features the following quote from Josef Stalin:

Translated into English:
‘The victory of socialism in our country is assured
The foundation of the socialist economy is complete
The reality of our production plan is millions of working people who are creating a new life.
J. Stalin.’

A detailed review of the code showed that the StalinLocker Wiper is programmed to give its victims the chance to disable it by entering a code before eleven minutes (660 seconds) have passed. Researchers pointed out that the unlock code is a sequence of numbers. The correct sequence is determined by subtracting 1922.12.30 from the current date. Interestingly, December 30th, 1922 is the date the USSR was established after a revolution took over Russia. If PC users fail to enter the correct disarm code, the StalinLocker Wiper proceeds to delete all data on the local drives, starting with drive letter A:\ and going all the way to Z:\. The StalinLocker Wiper is reported to terminate the processes of Windows Explorer (explorer.exe) and Windows Task Manager (taskmgr.exe) when it is loaded on the desktop.
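Added example, not part of the original article or any vendor tool: Python triage logic that correlates the artifacts and behaviour described above (the two files under AppData\Local, the termination of explorer.exe and taskmgr.exe, and the 660-second countdown) over endpoint events. The event tuple layout, host names, user names and timestamps are constructed assumptions, and the blank profile segment in the article's paths is treated as any user name.

```python
import re
from datetime import datetime, timedelta

# Artifact paths named in the article, matched under any user profile (assumption:
# the blank path segment on the page stands for the user name).
ARTIFACT = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Local\\(stalin\.exe|USSR_Anthem\.mp3)$",
    re.IGNORECASE,
)
KILLED = {"explorer.exe", "taskmgr.exe"}  # processes the article says are terminated
WINDOW = timedelta(seconds=660)           # countdown length given in the article

# Constructed sample events: (host, ISO time, action, path). Hypothetical schema.
SAMPLE = [
    ("PC-01", "2018-05-14T09:00:00", "process_start", r"C:\Users\alice\AppData\Local\stalin.exe"),
    ("PC-01", "2018-05-14T09:00:01", "file_open", r"C:\Users\alice\AppData\Local\USSR_Anthem.mp3"),
    ("PC-01", "2018-05-14T09:00:02", "process_stop", r"C:\Windows\explorer.exe"),
    ("PC-01", "2018-05-14T09:00:03", "process_stop", r"C:\Windows\System32\Taskmgr.exe"),
    ("PC-02", "2018-05-14T09:05:00", "process_stop", r"C:\Windows\explorer.exe"),
    ("PC-02", "2018-05-14T09:06:00", "process_start", r"C:\Tools\stalin.exe"),
    ("PC-03", "2018-05-14T10:00:00", "file_create", r"C:\Users\bob\AppData\Local\USSR_Anthem.mp3"),
]

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def triage(events):
    """Group indicator hits per host and grade them."""
    findings = {}
    for host, ts, action, path in sorted(events, key=lambda e: (e[0], e[1])):
        when = datetime.fromisoformat(ts)
        if ARTIFACT.match(path):
            hit = findings.setdefault(
                host, {"first_seen": when, "artifacts": set(), "killed": set()})
            hit["artifacts"].add(basename(path))
        elif action == "process_stop" and basename(path) in KILLED:
            hit = findings.get(host)
            # Count a shell/Task Manager exit only inside the countdown window.
            if hit and when - hit["first_seen"] <= WINDOW:
                hit["killed"].add(basename(path))
    for hit in findings.values():
        full = "stalin.exe" in hit["artifacts"] and hit["killed"] == KILLED
        hit["severity"] = "high" if full else "medium"
    return findings

if __name__ == "__main__":
    for host, hit in triage(SAMPLE).items():
        print(host, hit["severity"], sorted(hit["artifacts"]), sorted(hit["killed"]))
```

A "high" host shows the executable plus both process terminations inside the countdown window and should be isolated first; a "medium" host has only a matching file artifact and needs a closer look.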

The StalinLocker Wiper does not demand money from users like other ransomware, and it does not need users to play a game to unlock their files. On the contrary, StalinLocker is a simple data wiper, which can be countered in only one way: backups. We advise PC users to incorporate a reliable backup solution such as the one provided by Max Total Security.
