Skip to main content
  1. Home
  2. Computing
  3. News

‘Sleeper’ Locker ransomware comes alive, infects hundreds

Jonathan Keane
By

exploit
Image used with permission by copyright holder
A new strain of ransomware that has been lying dormant on PCs was activated this week by its authors, catching users by surprise. The “sleeper” malware, which encrypts users’ files and holds them for a fee or ransom, appears to have infected computers several months ago but remained inactive until now.

According to security firm KnowBe4, the ransomware, dubbed Locker, was activated at midnight on Monday May 25 and caught users by surprise. Members of the Bleeping Computer forums were some of the first to notice the ransomware with several infected users calling out for help as well as posting screenshots of their ransom messages.

Recommended Videos

“As of yesterday, I found out I have been infected with some kind of ransomware. I spent all night trying to find a solution but nothing bare [sic] fruit…,” wrote one user, who tried using FireEye and Fox-IT’s Decryptolocker solution but to no avail.

Locker is very similar to the infamous CryptoLocker, says KnowBe4 CEO Stu Sjouwerman, and the new malware may have stemmed from a “compromised MineCraft installer.” It represents a new tactic from malware authors where the ransomware sits dormant for some time before being activated. Typically, ransomware encrypts a user’s files as soon as it is downloaded.

Locker17
Image used with permission by copyright holder

“Warning any attempt to remove damage or even investigate the Locker software will lead to immediate destruction of your private key on our server!” read some of the notices shared on Bleeping Computer. Locker demands 0.1 Bitcoin, which at the time of reporting is worth about $23. There are reportedly hundreds of users infected at this point but no word on if anyone has paid.

The ransom that Locker is demanding is actually quite small. Most ransoms ask for about $500 worth of Bitcoin. A recent report from FireEye pointed out that some cyber-criminals are actually willing to lower their prices. Lowering prices and making it easier to pay up allows them to target more users for smaller paydays each rather than hoping for one large ransom. With Locker lying dormant and unnoticed for months, this allowed the cyber-criminals to amass a hefty number of infected computers before encrypting any files.

Cases of ransomware have grown significantly over the last year on both PC and mobile, and there are even cases of police departments paying up to get their encrypted files back. Paying the ransomware can be a tricky situation, and most security pros advise against it. In most cases, the cyber-criminals will actually decrypt the files once the money is received, but this is never a guarantee; there have been incidents of criminals simply taking the money and running.

Locker is just another member of this growing malware family now. “At this very early time after the initial discovery, things are still somewhat murky, but we will keep you in the loop about any developments,” adds Sjouwerman.

Topics
Jonathan Keane
Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
4 CPUs you should buy instead of the Ryzen 7 7800X3D
AMD Ryzen 7 7800X3D sitting on a motherboard.

The Ryzen 7 7800X3D is one of the best gaming processors you can buy, and it's easy to see why. It's easily the fastest gaming CPU on the market, it's reasonably priced, and it's available on a platform that AMD says it will support for several years. But it's not the right chip for everyone.

Although the Ryzen 7 7800X3D ticks all the right boxes, there are several alternatives available. Some are cheaper while still offering great performance, while others are more powerful in applications outside of gaming. The Ryzen 7 7800X3D is a great CPU, but if you want to do a little more shopping, these are the other processors you should consider.
AMD Ryzen 7 5800X3D

Read more
Even the new mid-tier Snapdragon X Plus beats Apple’s M3
A photo of the Snapdragon X Plus CPU in the die

You might have already heard of the Snapdragon X Elite, the upcoming chips from Qualcomm that everyone's excited about. They're not out yet, but Qualcomm is already announcing another configuration to live alongside it: the Snapdragon X Plus.

The Snapdragon X Plus is pretty similar to the flagship Snapdragon X Elite in terms of everyday performance but, as a new chip tier, aims to bring AI capabilities to a wider portfolio of ARM-powered laptops. To be clear, though, this one is a step down from the flagship Snapdragon X Elite, in the same way that an Intel Core Ultra 7 is a step down from Core Ultra 9.

Read more
Gigabyte just confirmed AMD’s Ryzen 9000 CPUs
Pads on the AMD Ryzen 7 7800X3D.

Gigabyte spoiled AMD's surprise a bit by confirming the company's next-gen CPUs. In a press release announcing a new BIOS for X670, B650, and A620 motherboards, Gigabyte not only confirmed that support has been added for next-gen AMD CPUs, but specifically referred to them as "AMD Ryzen 9000 series processors."

We've already seen MSI and Asus add support for next-gen AMD CPUs through BIOS updates, but neither of them called the CPUs Ryzen 9000. They didn't put out a dedicated press release for the updates, either. It should go without saying, but we don't often see a press release for new BIOS versions, suggesting Gigabyte wanted to make a splash with its support.

Read more