In the last couple of years, hacktivism has become a recurring theme in cyberspace. It means pushing a political or social agenda through malicious cyber activity, and it varies in how far that activity goes. We have seen hacktivists partially damage critical infrastructure installations through system hacking to convey their message.
Last week, a group of malware hunters discovered a new locker ransomware that might be the brainchild of some communist hacktivists. The malware has been named Stalinlocker. It locks the screen of the affected device with a portrait of Joseph Stalin while the anthem of the USSR plays in the background.
Stalinlocker gives the victim 10 minutes to enter a code for ransomware removal. Otherwise, it starts deleting files from the drives, working through them in alphabetical order.
Interesting Decryption of Stalinlocker
According to the team of researchers that discovered this locker ransomware on the web, the code for ransomware removal can be obtained by subtracting the date of the attack from the date when the USSR came into being. As soon as the correct code is entered, the autorun window of Stalinlocker terminates automatically.
Stalinlocker Affects Various Functions on the Affected Device
This locker ransomware terminates all the running programs on the affected device except Skype. It installs an mp3 file of the USSR anthem in the Local folder of the user profile and extracts it automatically. Furthermore, it terminates all the task manager operations on the affected device, including explorer.exe. This means that even if it doesn't lock the screen, the user will be unable to use the affected device.
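The behaviours described above can be combined into one endpoint heuristic. The sketch below is an added example, not code from the researchers or from the malware: the event tuple format, the thresholds, the file and process names in the sample data, and the `skype.exe` image name are all assumptions made for illustration.

```python
import ntpath
from collections import defaultdict

# Constructed telemetry, not from a real incident: (seconds, actor, action, target)
EVENTS = [
    (0, "updater.exe", "file_create", r"C:\Users\alice\AppData\Local\Temp\setup.log"),
    (5, "sample.exe", "file_create", r"C:\Users\alice\AppData\Local\track.mp3"),
    (6, "sample.exe", "proc_terminate", "chrome.exe"),
    (6, "sample.exe", "proc_terminate", "notepad.exe"),
    (7, "sample.exe", "proc_terminate", "taskmgr.exe"),
    (7, "sample.exe", "proc_terminate", "explorer.exe"),
    (9, "taskkill.exe", "proc_terminate", "notepad.exe"),
]
RUNNING = {"skype.exe", "chrome.exe", "notepad.exe", "explorer.exe"}  # constructed

def indicators(events, running, window=30, min_kills=3):
    """Map each actor to the behaviours from the write-up that it exhibited."""
    kills, hits = defaultdict(list), defaultdict(set)
    for ts, actor, action, target in events:
        name = ntpath.basename(target).lower()
        if action == "proc_terminate":
            kills[actor].append((ts, name))
        elif (action == "file_create" and name.endswith(".mp3")
              and "\\appdata\\local\\" in target.lower()):
            hits[actor].add("mp3_drop")
    for actor, ks in kills.items():
        ks.sort()
        names = {n for _, n in ks}
        if "explorer.exe" in names:
            hits[actor].add("kills_shell")
        # Burst: enough distinct processes killed inside one time window.
        if any(len({n for t, n in ks[i:] if t - t0 <= window}) >= min_kills
               for i, (t0, _) in enumerate(ks)):
            hits[actor].add("mass_kill")
            # Assumed image name for Skype; spared while everything else dies.
            if "skype.exe" in running and "skype.exe" not in names:
                hits[actor].add("spares_skype")
    return {a: h for a, h in hits.items() if h}

def suspicious(events, running):
    """Actors showing the shell kill, the kill burst and the mp3 drop together."""
    need = {"kills_shell", "mass_kill", "mp3_drop"}
    return sorted(a for a, h in indicators(events, running).items() if need <= h)

if __name__ == "__main__":
    print(suspicious(EVENTS, RUNNING))
```

Requiring the three behaviours together keeps a lone `taskkill` or an ordinary media download from raising an alert; the spared Skype process is reported as supporting context only.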
No Ransom Demand
As of now, you can remove the ransomware by simply entering the derived unlock code. The operators of Stalinlocker haven't made any ransom demand yet. This also proves that the attacks are politically motivated. It is known that many quarters are working for the renaissance of the USSR, and this hacktivism might be part of it.
Researchers also suggest that Stalinlocker is in its nascent phase and more features can be included in this locker ransomware to make its activity more lethal.