Skip to main content

‘Sleeper’ Locker ransomware comes alive, infects hundreds

exploit
Image used with permission by copyright holder
A new strain of ransomware that has been lying dormant on PCs was activated this week by its authors, catching users by surprise. The “sleeper” malware, which encrypts users’ files and holds them for a fee or ransom, appears to have infected computers several months ago but remained inactive until now.

According to security firm KnowBe4, the ransomware, dubbed Locker, was activated at midnight on Monday May 25 and caught users by surprise. Members of the Bleeping Computer forums were some of the first to notice the ransomware with several infected users calling out for help as well as posting screenshots of their ransom messages.

“As of yesterday, I found out I have been infected with some kind of ransomware. I spent all night trying to find a solution but nothing bare [sic] fruit…,” wrote one user, who tried using FireEye and Fox-IT’s Decryptolocker solution but to no avail.

Locker is very similar to the infamous CryptoLocker, says KnowBe4 CEO Stu Sjouwerman, and the new malware may have stemmed from a “compromised MineCraft installer.” It represents a new tactic from malware authors where the ransomware sits dormant for some time before being activated. Typically, ransomware encrypts a user’s files as soon as it is downloaded.

Locker17
Image used with permission by copyright holder

“Warning any attempt to remove damage or even investigate the Locker software will lead to immediate destruction of your private key on our server!” read some of the notices shared on Bleeping Computer. Locker demands 0.1 Bitcoin, which at the time of reporting is worth about $23. There are reportedly hundreds of users infected at this point but no word on if anyone has paid.

The ransom that Locker is demanding is actually quite small. Most ransoms ask for about $500 worth of Bitcoin. A recent report from FireEye pointed out that some cyber-criminals are actually willing to lower their prices. Lowering prices and making it easier to pay up allows them to target more users for smaller paydays each rather than hoping for one large ransom. With Locker lying dormant and unnoticed for months, this allowed the cyber-criminals to amass a hefty number of infected computers before encrypting any files.

Cases of ransomware have grown significantly over the last year on both PC and mobile, and there are even cases of police departments paying up to get their encrypted files back. Paying the ransomware can be a tricky situation, and most security pros advise against it. In most cases, the cyber-criminals will actually decrypt the files once the money is received, but this is never a guarantee; there have been incidents of criminals simply taking the money and running.

Locker is just another member of this growing malware family now. “At this very early time after the initial discovery, things are still somewhat murky, but we will keep you in the loop about any developments,” adds Sjouwerman.

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
3 important ways gaming on Arm PCs just got better
Gaming on a laptop with the Snapdragon X Elite chip

While the current selection of Copilot+ PCs aren't focused on gaming, Microsoft has expressed strong confidence in the potential of gaming on Arm-based PCs.

With the launch of Qualcomm’s Snapdragon X Elite platform, the tech giant highlighted several improvements and initiatives aimed at enhancing the gaming experience on the platform, particularly with the Copilot+ PCs coming soon. These advancements include optimizations through Microsoft's "Prism" technology, automatic super resolution, and enhanced anti-cheat software compatibility, all of which address some of the long-standing challenges faced by Arm-based systems in the gaming sector.

Read more
This small Windows update brings a highly requested change

Microsoft is simplifying file management in Windows 11 with a new feature in the latest Canary Build (an early preview version of Windows 11). Users can drag and drop files directly between breadcrumbs (paths) in File Explorer. This fulfills a common request from Windows Insiders, and is something Microsoft recently announced in a June 19 Windows Insider Blog post.

These breadcrumbs are the paths you take to where you want to save your file. For example, This PC > Windows (C:) > Program Files. The breadcrumbs will appear in the Address Bar and display the current path taken inside the app. This feature also seems to have reached non-Insiders since its release at the end of May.

Read more
This Alienware 14-inch gaming laptop deal cuts the price by $600
Forza Horizon 5 running on the Alienware x14 R2.

While there is a lot of interest in larger gaming laptops that come in 17-inch and 18-inch sizes, for many, having a smaller laptop is much better, especially if they are constantly on the move and don't want to be lugging around something massive. That's where the Alienware x14 R2 comes in quite handy; it's a small laptop that's slim enough to fit into pretty much any bag so that you can travel and move around without having to purchase a specific backpack or messenger bag to fit something bigger. Of course, being Alienware, its quite expensive, but luckily you can grab yourself the Alienware X14 R2 directly from Dell for just $1,400 rather than the usual $2,000.

Why you should buy the Alienware x14 R2
Probably one of the most important parts of any gaming laptop is the GPU under the hood, and in this case the Alienware x14 R2 has a relatively solid RTX 4060. That's a great card for 2K gaming at around 60-70fps, and while you probably won't be able to have the game in ultra graphical settings, you'll get somewhere between medium and high. Even so, it's a great option for those who prefer more casual or indie games, or even free-to-play games like Rocket League and League of Legends, since these games tend to be better optimized for more hardware than just the high-end stuff.

Read more