
Errors in ZeroLocker mean paying the ransom may not decrypt files

August 22, 2014

Researchers with Kaspersky have identified a ransomware family known as ZeroLocker that demands $300 in Bitcoin, rising to $500 and then $1,000 if the victim waits.

The malware sends the encryption key and other data to its server in an HTTP GET request, but the server answers that request with a 404 error. If the key never reaches the attackers, there is nothing for them to hand back after payment, so paying up likely does not result in the files being decrypted, according to a post.

ZeroLocker encrypts all files on the system except files larger than 20MB and files in directories whose path contains the words 'Windows', 'WINDOWS', 'Program Files', 'ZeroLocker' or 'Desktop', the post indicates. Listing both spellings of Windows suggests the match is case-sensitive, and commonly targeted user folders such as Documents are not on the exclusion list.
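The two targeting rules above (size cap and excluded directory words) are simple enough to encode, and doing so makes their quirks visible: a file in a user's Desktop folder is spared while the same file in Documents is not, and a directory spelled 'windows' in lower case matches neither listed word. The following is an added example written for this page, not code from Kaspersky's post or from the malware; it walks a directory tree and reports which files the stated rule would hit. The 20MB threshold being binary megabytes, the case-sensitive substring match, and the sample folder layout are all assumptions made here.

```python
"""Estimate which files under a directory ZeroLocker's stated targeting rule would hit.

Added example, not from the Kaspersky post or the malware itself. It encodes only the
two rules the post states: skip files larger than 20MB, and skip files under directories
whose path contains one of five literal words. Binary megabytes and case-sensitive
substring matching are assumptions made here.
"""
import os
import tempfile

# Directory words the post says are excluded. 'Windows' and 'WINDOWS' are listed
# separately, which suggests a case-sensitive substring match (assumption).
SKIPPED_DIR_WORDS = ("Windows", "WINDOWS", "Program Files", "ZeroLocker", "Desktop")
MAX_SIZE = 20 * 1024 * 1024  # "20MB" in the post; taken here as 20 MiB (assumption)


def is_target(directory: str, size: int) -> bool:
    """True if a file of `size` bytes located in `directory` matches the stated rule."""
    if size > MAX_SIZE:
        return False
    return not any(word in directory for word in SKIPPED_DIR_WORDS)


def estimate_exposure(root: str) -> dict:
    """Walk `root` and bucket every file by whether, and why, it would be encrypted.

    Paths are reported relative to `root` (forward slashes) so the result is deterministic
    regardless of where `root` lives; the directory test is applied to the relative path.
    """
    result = {"targeted": [], "skipped_dir": [], "skipped_size": []}
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(full)
            except OSError:
                continue  # unreadable or vanished between listing and stat; not counted
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if size > MAX_SIZE:
                result["skipped_size"].append(rel)
            elif not is_target(rel_dir, size):
                result["skipped_dir"].append(rel)
            else:
                result["targeted"].append(rel)
    for bucket in result.values():
        bucket.sort()
    return result


def build_sample_tree(root: str) -> None:
    """Constructed sample user profile: small documents, a Desktop folder, a large video."""
    layout = {
        "Documents/report.docx": 4096,
        "Documents/budget.xlsx": 2048,
        "Desktop/notes.txt": 512,                 # spared: path contains 'Desktop'
        "AppData/Local/Temp/cache.bin": 100,      # hit: no excluded word in the path
        "Videos/holiday.mp4": 21 * 1024 * 1024,   # spared: larger than 20MB
    }
    for rel, size in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.truncate(size)  # sparse file: reports `size` without writing that much data


def demo() -> dict:
    """Build the constructed tree in a temporary directory and return the exposure report."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return estimate_exposure(root)


if __name__ == "__main__":
    for bucket, files in demo().items():
        print(f"{bucket}: {files}")
```

Run against a real profile directory (`estimate_exposure("/path/to/profile")`) to see how much of a user's data sits outside the excluded words; the exclusions are there to keep the machine bootable and the ransom note visible, not to protect anything the victim cares about.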

The ransomware encrypts with a randomly generated 160-bit AES key, so brute-forcing is not feasible, according to the post. (AES itself is defined only for 128-, 192- and 256-bit keys, so the 160 bits presumably describe the random key material rather than the cipher's actual key length; either way the keyspace is far beyond brute force.) The post adds that the Windows cipher.exe utility runs after encryption, removing unused data; this matches the behaviour of its /w option, which overwrites free disk space, so the remnants of the deleted originals are destroyed and recovery with undelete or file-carving tools becomes much harder.
