Skip to main content
  1. Home
  2. Computing
  3. News

‘Sleeper’ Locker ransomware comes alive, infects hundreds

Jonathan Keane
By

exploit
Image used with permission by copyright holder
A new strain of ransomware that has been lying dormant on PCs was activated this week by its authors, catching users by surprise. The “sleeper” malware, which encrypts users’ files and holds them for a fee or ransom, appears to have infected computers several months ago but remained inactive until now.

According to security firm KnowBe4, the ransomware, dubbed Locker, was activated at midnight on Monday May 25 and caught users by surprise. Members of the Bleeping Computer forums were some of the first to notice the ransomware with several infected users calling out for help as well as posting screenshots of their ransom messages.

Recommended Videos

“As of yesterday, I found out I have been infected with some kind of ransomware. I spent all night trying to find a solution but nothing bare [sic] fruit…,” wrote one user, who tried using FireEye and Fox-IT’s Decryptolocker solution but to no avail.

Locker is very similar to the infamous CryptoLocker, says KnowBe4 CEO Stu Sjouwerman, and the new malware may have stemmed from a “compromised MineCraft installer.” It represents a new tactic from malware authors where the ransomware sits dormant for some time before being activated. Typically, ransomware encrypts a user’s files as soon as it is downloaded.

Locker17
Image used with permission by copyright holder

“Warning any attempt to remove damage or even investigate the Locker software will lead to immediate destruction of your private key on our server!” read some of the notices shared on Bleeping Computer. Locker demands 0.1 Bitcoin, which at the time of reporting is worth about $23. There are reportedly hundreds of users infected at this point but no word on if anyone has paid.

The ransom that Locker is demanding is actually quite small. Most ransoms ask for about $500 worth of Bitcoin. A recent report from FireEye pointed out that some cyber-criminals are actually willing to lower their prices. Lowering prices and making it easier to pay up allows them to target more users for smaller paydays each rather than hoping for one large ransom. With Locker lying dormant and unnoticed for months, this allowed the cyber-criminals to amass a hefty number of infected computers before encrypting any files.

Cases of ransomware have grown significantly over the last year on both PC and mobile, and there are even cases of police departments paying up to get their encrypted files back. Paying the ransomware can be a tricky situation, and most security pros advise against it. In most cases, the cyber-criminals will actually decrypt the files once the money is received, but this is never a guarantee; there have been incidents of criminals simply taking the money and running.

Locker is just another member of this growing malware family now. “At this very early time after the initial discovery, things are still somewhat murky, but we will keep you in the loop about any developments,” adds Sjouwerman.

Topics
Jonathan Keane
Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
Here’s everything to consider when buying a CPU in 2024
AMD Ryzen 9 3900x pins.

Searching for a new CPU in 2024 presents you with excellent options for powerful processors, budget chips that punch well above their weight, and some incredibly efficient options that are perfect for small builds. That's what makes the modern CPU landscape so exciting: You don't just need to buy the best processor you can afford.

The right CPU for you is one that can do everything you need right now, and do it well, while also providing some future-proofing, and ideally, a clear upgrade path for the future. Here's how to buy a CPU in 2024.
CPU specs, explained

Read more
Apple has backed itself into a corner
Apple iPad Pro 11 with Apple Magic Keyboard.

Apple is rumored to finally be updating its new iPads at its forthcoming May 7 event. While this may come as a relief to anyone who’s been patiently waiting to upgrade their iPad Pro or iPad Air, a new report has thrown the whole situation into confusion.

That’s because the latest Power On newsletter from Bloomberg reporter Mark Gurman claims that the upcoming iPad Pro will contain an Apple M4 chip. On first blush, that doesn’t seem all that unusual -- the iPad Pro has come with an Apple silicon chip for years, after all. But here’s the wrinkle: this launch plan would mean the iPad will get an M4 chip before the Mac, and that has all kinds of weird implications. By delaying the iPad for so long, it looks like Apple has left itself with a very odd update cycle for its chips this time around.
The end of the M3 Ultra?

Read more
AMD’s canceled GPU could have crushed Nvidia
The AMD Radeon RX 7900 XTX graphics card.

For months now, we've been hearing rumors that AMD gave up on its best graphics card from the upcoming RDNA 4 lineup, and instead opted to target the midrange segment. However, that doesn't mean that such a GPU was never in the works. Data mining revealed that the card may indeed have been planned, and if it was ever released, it would've given Nvidia's RTX 4090 a run for its money.

The top GPU in question, commonly referred to as Navi 4C or Navi 4X, was spotted in some patch information for AMD's GFX12 lineup -- which appears to be a code name for RDNA 4. The data was then posted by Kepler_L2, a well-known hardware leaker, on Anandtech forums. What at first glance seems to be many lines of code actually reveals the specs of the reportedly canceled graphics card.

Read more