StalinLocker Deletes Your Files Unless You Enter the Right Code
A new in-development screenlocker/wiper called StalinLocker, or StalinScreamer, is discovered, which gives you 10 minutes to enter a code or it will try to delete the contents of the drives on the computer.
While running, it will display screen that shows Stalin while playing the USSR anthem and displaying a countdown until files are deleted.
When executed, StalinLocker will perform the following actions:
-
Extract the "USSR_Anthem.mp3" file to the %UserProfile%\AppData\Local folder and play it. This anthem is the same one heard in this YouTube video, but of much worse quality.
-
It will copy itself to %UserProfile%\AppData\Local\stalin.exe and create an autorun called "Stalin" that starts the screenlocker/wiper when the user logs into the computer.
-
It will create %UserProfile%\AppData\Local\fl.dat and write the current amount of seconds left divided by 3. So each time you start the program, the countdown is significantly less.
-
Attempt to terminate processes other than Skype or Discord.
-
Terminate Explorer.exe and taskmgr.exe.
-
Tries to create a Scheduled Task called "Driver Update" to launch Stalin.exe. This part of the code is currently throwing errors.
-
StalinLocker will then display the above lock screen that contains a 10 minutes countdown until your files are deleted or you enter a code. This code is derived by subtracting the current date of when the program was executed by the date 1922.12.30. If the user enters the correct code, the wiper will exit and delete the autorun.
On the other hand, if the code is not entered by the time the countdown reaches zero, the screenlocker will attempt to delete all of the files on each drive letter found on the computer. This is done by going through all drive letters from A to Z and deleting any that are accessible as shown below.
This wiper is currently in development, but could easily be made into a workable state. Thankfully, most security vendors are detecting this either through definitions or heuristics, so make sure that you have an npav anti-virus program installed and updated to the latest definitions.
Comment(s)
Categories
- Other (42)
- Ransomware (115)
- Events and News (25)
- Features (44)
- Security (412)
- Tips (79)
- Google (22)
- Achievements (6)
- Products (30)
- Activation (7)
- Dealers (1)
- Bank Phishing (42)
- Malware Alerts (171)
- Cyber Attack (208)
- Data Backup (11)
- Data Breach (67)
- Phishing (129)
- Securty Tips (1)
- Browser Hijack (16)
- Adware (15)
- Email And Password (67)
- Android Security (52)
- Knoweldgebase (37)
- Botnet (15)
- Updates (3)
- Alert (68)
- Hacking (54)
- Social Media (7)
- vulnerability (48)
- Hacker (30)
- Spyware (8)
- Windows (5)
- Microsoft (20)
- Uber (1)
- YouTube (1)
- Trojan (2)
- Website hacks (2)
- Paytm (1)
- Credit card scam (1)
- Telegram (3)
- RAT (4)
- Bug (3)
- Twitter (2)
- Facebook (7)
- Banking Trojan (4)
- Mozilla (2)
- COVID-19 (5)
- Instagram (2)
- NPAV Announcement (5)
- IoT Security (1)
- Deals and Offers (1)
- Cloud Security (6)
- Offers (5)
- Gaming (1)
- FireFox (1)
- LinkedIn (2)
- WhatsApp (4)
- Amazon (1)
- DMart (1)
- Payment Risk (4)
- Occasion (2)
- firewall (1)
- Cloud malware (2)
- Cloud storage (2)
- Financial fraud (2)
- Impersonation phishing (1)
- DDoS (4)
- Smishing (2)
- Whale (0)
- Whale phishing (3)
- WINRAR (2)
- ZIP (1)
Recent Posts
Archive
Tags
phishing
cyber attack
ransomeware
ransomware
data breach
android malware
data stealing
ddos
phishing email
twitter
india
microsoft
cert-in
malware
whatsapp
clop
email phishing
pakistani hackers
critical vulnerability
december cyber attacks
independence day
occasion
telegram
trojan
ddos attack
fedex
scam
cybercrime
winrar
cyber security
lockbit
play store
organisation
clop gang
microsoft team
clop gang extorting
user data leak
pakistan-backed hacker
hacking
malicious apps
android apps
cyber attack in india
android
cert
pune
cryptojacking
google play store
data backup
canon
facebook