Skip to main content

‘Sleeper’ Locker ransomware comes alive, infects hundreds

A new strain of ransomware that has been lying dormant on PCs was activated this week by its authors, catching users by surprise. The “sleeper” malware, which encrypts users’ files and holds them for a fee or ransom, appears to have infected computers several months ago but remained inactive until now.

According to security firm KnowBe4, the ransomware, dubbed Locker, was activated at midnight on Monday May 25 and caught users by surprise. Members of the Bleeping Computer forums were some of the first to notice the ransomware with several infected users calling out for help as well as posting screenshots of their ransom messages.

“As of yesterday, I found out I have been infected with some kind of ransomware. I spent all night trying to find a solution but nothing bare [sic] fruit…,” wrote one user, who tried using FireEye and Fox-IT’s Decryptolocker solution but to no avail.

Locker is very similar to the infamous CryptoLocker, says KnowBe4 CEO Stu Sjouwerman, and the new malware may have stemmed from a “compromised MineCraft installer.” It represents a new tactic from malware authors where the ransomware sits dormant for some time before being activated. Typically, ransomware encrypts a user’s files as soon as it is downloaded.


“Warning any attempt to remove damage or even investigate the Locker software will lead to immediate destruction of your private key on our server!” read some of the notices shared on Bleeping Computer. Locker demands 0.1 Bitcoin, which at the time of reporting is worth about $23. There are reportedly hundreds of users infected at this point but no word on if anyone has paid.

The ransom that Locker is demanding is actually quite small. Most ransoms ask for about $500 worth of Bitcoin. A recent report from FireEye pointed out that some cyber-criminals are actually willing to lower their prices. Lowering prices and making it easier to pay up allows them to target more users for smaller paydays each rather than hoping for one large ransom. With Locker lying dormant and unnoticed for months, this allowed the cyber-criminals to amass a hefty number of infected computers before encrypting any files.

Cases of ransomware have grown significantly over the last year on both PC and mobile, and there are even cases of police departments paying up to get their encrypted files back. Paying the ransomware can be a tricky situation, and most security pros advise against it. In most cases, the cyber-criminals will actually decrypt the files once the money is received, but this is never a guarantee; there have been incidents of criminals simply taking the money and running.

Locker is just another member of this growing malware family now. “At this very early time after the initial discovery, things are still somewhat murky, but we will keep you in the loop about any developments,” adds Sjouwerman.

Editors' Recommendations

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
All the reasons I’m excited (and worried) for Apple’s Reality Pro headset
A woman wearing a virtual reality headset against an orange background.

Apple is set to launch its Reality Pro headset -- its most anticipated new product in years -- at the company’s Worldwide Developers Conference (WWDC) on June 5. I’m excited to see what the Cupertino firm unveils on stage, and there are plenty of reasons to hope that the device will revolutionize the industry.

But there are also things I’m deeply worried about with the Reality Pro, and there’s more than a slight chance that it could be an abject failure. Which outcome is more likely? Well, that depends on what Apple reveals to the world at WWDC. Let’s see what could go right -- and absolutely wrong -- with the Reality Pro.
Apple has waited for the right time

Read more
ChatGPT: How to use the AI chatbot that’s changing everything
ChatGPT app running on an iPhone.

ChatGPT has continued to dazzle the internet with AI-generated content, morphing from a novel chatbot into a piece of technology that is driving the next era of innovation. Not everyone's on board yet, though, and you're probably wondering: What's ChatGPT all about?

Made by OpenAI, well-known for having developed the text-to-image generator DALL-E, ChatGPT is currently available for anyone to try out for free, now with even a free iOS app being launched. Here's what ChatGPT is, how to use it, and how it could change the future of the internet.

Read more
This 38-inch curved Alienware QHD monitor is $450 off right now
The Alienware QD-OLED monitor in front of a window.

Dell has one of the best monitor deals around for gamers who want to be fully immersed in the experience. Today, you can buy a Alienware 38 Curved Gaming Monitor for $900 with a saving of $450 off the regular price of $1,350. A premium product, this is a monitor that's going to last you a long time to come. If you want the ultimate gaming experience and already have the rig to support such performance, this is the one for you. Here's all you need to know or you can tap the buy button below to get straight to making a purchase.

Why you should buy the Alienware 38 Curved Gaming Monitor
The best curved gaming monitors provide a fantastically immersive experience. With the Alienware 38 Curved Gaming Monitor, you get a native QHD resolution of 3840 x 1600 at 144Hz when connected via DisplayPort or 85Hz when connected via HDMI. A true 1ms gray to gray response time in extreme mode helps cut down on motion blur issues while there's a color gamut of 130.6% sRGB and 95% DCI-P3. The IPS panel is also DisplayHDR 600 capable and there's color support for up to 1.07 billion colors. Nvidia G-Sync Ultimate certification also helps for anyone with the relevant graphics card.

Read more